Re: Web Traffic Security and Eavesdropping

[mojorising <moj0rising () aim com>]

Cool, cool. This makes a lot of sense. I've got a pretty solid
understanding of it now.

Thanks again, everyone.


Mike



2008/11/17 Shreyas Zare <shreyas () technitium com>:
> Hi,
>
> I would just say that a determined person can do anything. The
> simplest way can be to get into the same network by getting hold of a
> single compromised machine and then just sniff for the data. The BGP
> attack is quite possible but in practice how guaranteed the attack is
> a question. Still, the point is it can be carried out from any node on
> the internet that makes it dangerous.
>
> Regards,
>
> On Sun, Nov 16, 2008 at 4:19 PM, Adam Pal <pal_adam () gmx net> wrote:
> > Hello Mike,
> >
> > My feeling is that you are both right, the one who asked you how it is
> > possible and you.
> > It is not possible when the attacker is not on the same virtual path
> > (lets say path instead network) but the attacker has -as the
> > wired-article describes- the possibility to bring himself on the path
> > for instance by modifying the route (BGP).
> >
> > As you see, the answer to your question is no. You cannot pick up any
> > information from a flow you are not connected to somehow.
> > The webserver doesnt see all the information, it sees all information
> > delivered to it once he is a part of the virtual path the information
> > took.
> >
> >
> >
> > --
> > Best regards,
> >  Adam Pal
>
> --
> ("Relax, its only ONES and ZEROS !")
>
> Shreyas Zare
> Co-Founder, Technitium
> eMail: shreyas () technitium com
>
> ..::< The Technitium Team >::..
> Visit us at www.technitium.com
> Contact us at theteam () technitium com
>
> Join Sci-Tech News group and get the latest science & technology news
> in your inbox. Visit http://tech.groups.yahoo.com/group/sci-tech-news
> to join.