Bugtraq mailing list archives
Re: Would an encrypted tunnel solve the SeqNo guessing attack?
From: smb () research att com (smb () research att com)
Date: Mon, 30 Jan 95 12:09:54 EST
I'm not keen on the idea of people grabbing my telnet session away from me and making free with it. I'm resigned to the notion that they can steal it; I'd like to make it useless to them once they've got it. Suppose I took term (a multiplexing, compressing, error-correcting serial tunnel program) and added encryption, and rigged that to be my login shell. I'd log in to the computer, and after my S/Key prompt it'd fire up an encrypted term. I don't see any way someone could burgle in through that. Have I missed something fundamental here? Or would this work?
Encrypting will defeat the attack; however, different methods of encrypting will have different properties. If you encrypt at application level, above TCP, someone who tries to inject garbage will perpetrate a denial of service attack on you. If you encrypt below TCP, garbage will be rejected, and the normal TCP retransmission mechanisms will recover.
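
The contrast drawn in the reply above, as an added example that is not part of the original post: a toy in-order receiver is handed one forged segment with a correctly guessed sequence number, first with record protection above TCP, then with per-packet protection below it. The key, messages, `ToyTcp` and helper names are constructed for illustration, and a truncated HMAC stands in for the decrypt-and-verify step.

```python
import hashlib, hmac

KEY = b"constructed-demo-key"                    # constructed sample key
TAG = 8                                          # truncated tag length, for brevity
MSGS = [b"ls -l\n", b"cat notes\n", b"exit\n"]   # constructed session data

def seal(data):
    return hmac.new(KEY, data, hashlib.sha256).digest()[:TAG] + data

def unseal(blob):
    return blob[TAG:] if hmac.compare_digest(blob, seal(blob[TAG:])) else None

class ToyTcp:  # in-order receiver: takes the segment at next_seq, discards the rest
    def __init__(self):
        self.next_seq, self.records = 0, []
    def receive(self, seq, payload):
        if seq == self.next_seq:             # first arrival at this seq wins
            self.records.append(payload)     # segment boundaries kept for simplicity
            self.next_seq += len(payload)

def arrivals(msgs, below):
    out, seq = [], 0
    for m in msgs:
        body = m if below else seal(m)       # above TCP: the record itself is sealed
        wire = seal(seq.to_bytes(4, "big") + body) if below else body
        out.append((seq, wire))
        seq += len(body)
    # one forged segment ahead of the second: right seq, right length, junk bytes
    out.insert(1, (out[1][0], b"\xff" * len(out[1][1])))
    return out

def above_tcp(msgs):
    tcp = ToyTcp()
    for seq, wire in arrivals(msgs, below=False):
        tcp.receive(seq, wire)               # TCP cannot tell junk from ciphertext
    delivered = []
    for rec in tcp.records:
        plain = unseal(rec)
        if plain is None:                    # junk was ACKed; real segment dropped as duplicate
            return delivered, "aborted"
        delivered.append(plain)
    return delivered, "ok"

def below_tcp(msgs):
    tcp = ToyTcp()
    for _, wire in arrivals(msgs, below=True):
        inner = unseal(wire)
        if inner is not None:                # forged packet rejected before TCP sees it
            tcp.receive(int.from_bytes(inner[:4], "big"), inner[4:])
    return tcp.records, "ok"
```

With the sample data, `above_tcp(MSGS)` delivers only the first message before the session aborts, while `below_tcp(MSGS)` delivers all three.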