Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SoC ideas about nping

From: GuangLiang Yang <gygl09 () gmail com>
Date: Sat, 27 Mar 2010 01:23:21 +0800
Hi Luis,

  Yeah, the authentication scheme is the most important factor that
should be considered. And I think the method for authentication
described in protocolDescribe.txt is advisabale for us. There is not a
effective method to attack HMAC based on sha256. Brute force maybe the
most common attack to find the shared key. So if we take a little
attention to our key, everything will be fine.
  And I want to know if there is a document about requirement or
design. If it's convenient, can I get it?3q~~

Regards,
Yang.

On 3/25/10, Luis M. <luis.mgarc () gmail com> wrote:

Hi Yang,


On 03/25/2010 06:00 AM, GuangLiang Yang wrote:


And I have two questions.
1. Which way should the keys distrubution be runing in? If we just
make designs simple, entering keys by keyboard both in client and
server maybe fine. But if conditions is complicated, it's better to
use TTP(Trusted Third Partner). The TTP can be build in a smple way,
just with functions of registing, generating keys etc.




In my opinion there's no need at all for any third parties, PKI or other
complicated authentication & key management schemes. The thing here is
that, as the Nping Echo Server will echo packets captured from the local
network interface, we have to add a bit of security to prevent attackers
from obtaining potentially sensitive information. (e.g: attacker
connects to nping echo server and says is going to send TCP traffic to
port 23. We certainly don't want the guy to get another user's telnet
session packets).

So the thing is: we need to add some authentication to the protocol but
there is no need for complicated stuff. I think one symmetric key per
nping echo server is enough. However, I may have skipped something so
I'd be glad to hear comments on this.



2. And it's better to add one optional byte to QUIT packets header,
which can identify the type of error. Because the QUIT operation is
not just used in two conditions described in "2.11 Operation QUIT", it
will make everything more clearly.




You are right. It would be nice to have an error code in QUIT.

Regards,

Luis.



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: