Re: Would an encrypted tunnel solve the SeqNo guessing attack?

[smb () research att com (smb () research att com)]

> I'm not keen on the idea of people grabbing my telnet session away from me
> and making free with it. I'm resigned to the notion that they can steal
> it; I'd like to make it useless to them once they've got it.
>
> Suppose I took term (a multiplexing, compressing, error-correcting serial
> tunnel program) and added encryption, and rigged that to be my login shell.
> I'd log in to the computer, and after my S/Key prompt it'd fire up an
> encrypted term. I don't see any way some could burgle in through that.
>
> Have I missed something fundamental here? Or would this work?

Encrypting will defeat the attack; however, different methods of
encrypting will have different properties. 

If you encrypt at application level, above TCP, someone who tries
to inject garbage will perpetrate a denial of service attack on you.
If you encrypt below TCP, garbage will be rejected, and the normal
TCP retransmission mechanisms will recover.