tcp/routing question...

Lai Zit Seng lzs at pobox.com
Wed Jun 8 03:36:29 UTC 2005


On Tue, 7 Jun 2005, Scot L. Harris wrote:

> On Tue, 2005-06-07 at 19:34, Lai Zit Seng wrote:
>> On Tue, 7 Jun 2005, Scot L. Harris wrote:
>>
>>> The difficulty is in getting a system inserted into such a position.  It
>>> typically requires physically inserting a system in the path unless the
>>> attacker is able to mess with the end systems proxy settings and
>>> redirect things that way.
>>
>> In practice, there are many ways to do this, so it's actually not terribly
>> difficult. E.g. one could subvert the DNS so that the client
>> unwittingly connects to the wrong server.
>
> Agreed there are several different ways to attempt a man in the middle
> attack.  None of them are what I would call easy to do.  :)

Actually... sure it may not be "trivial", but at the same time it is not 
all that difficult.

> There much easier ways to attempt to break into systems.

That is true. And the attacker will (or at least ought to!) choose the 
weakest link, considering also the type of expertise he has.

Just because something is difficult for some people doesn't mean it is 
difficult for others. An analogy: Many ways to break into a house. Not 
everyone knows how to pick a lock... so perhaps it is easier to break the 
glass window. But someone else with lock picking skills would probably 
prefer picking the lock (preferred because no glass breaking noise to 
attract attention).

Breaking into computers could be similar. There are people with network 
expertise. They know how to subvert DNS. Or they know how to inject 
routes. Or they know where to find tools to do ARP spoofing. Otoh, someone 
else may have more skills with buffer overflowing SSH daemons, or mangling 
URLs to the webserver, etc. Ah, and then yet someone else might have even 
better social engineering skills :)

Furthermore, consider an attacker who has some motivation (e.g. 
monetary...) to break into the system. If he doesn't have the skills... he 
will find out, or he will find someone to do it, etc.

> The more likely vector for attacks are inside personnel and poor
> security procedures (bad passwords, sloppy firewall rules, etc.).

That happens very often, I agree :)

Regards,

.lzs
--
http://zitseng.com/