Nmap Development mailing list archives
Re: SoC ideas about nping
From: GuangLiang Yang <gygl09 () gmail com>
Date: Sat, 27 Mar 2010 01:23:21 +0800
Hi Luis,

Yeah, the authentication scheme is the most important factor that should be considered. And I think the method for authentication described in protocolDescribe.txt is advisable for us. There is not an effective method to attack HMAC based on sha256. Brute force may be the most common attack to find the shared key. So if we pay a little attention to our key, everything will be fine.

And I want to know if there is a document about requirements or design. If it's convenient, can I get it? 3q~~

Regards,
Yang.

On 3/25/10, Luis M. <luis.mgarc () gmail com> wrote:
> Hi Yang,
>
> On 03/25/2010 06:00 AM, GuangLiang Yang wrote:
>> And I have two questions.
>>
>> 1. Which way should the key distribution be running in? If we just make
>> designs simple, entering keys by keyboard both in client and server may be
>> fine. But if conditions are complicated, it's better to use a TTP (Trusted
>> Third Partner). The TTP can be built in a simple way, just with functions
>> of registering, generating keys etc.
>
> In my opinion there's no need at all for any third parties, PKI or other
> complicated authentication & key management schemes. The thing here is
> that, as the Nping Echo Server will echo packets captured from the local
> network interface, we have to add a bit of security to prevent attackers
> from obtaining potentially sensitive information. (e.g.: an attacker
> connects to the nping echo server and says he is going to send TCP traffic
> to port 23. We certainly don't want the guy to get another user's telnet
> session packets).
>
> So the thing is: we need to add some authentication to the protocol but
> there is no need for complicated stuff. I think one symmetric key per
> nping echo server is enough. However, I may have skipped something so I'd
> be glad to hear comments on this.
>
>> 2. And it's better to add one optional byte to the QUIT packet's header,
>> which can identify the type of error. Because the QUIT operation is not
>> just used in the two conditions described in "2.11 Operation QUIT", it
>> will make everything more clear.
>
> You are right. It would be nice to have an error code in QUIT.
>
> Regards,
> Luis.
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
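The two ideas discussed in this thread, one symmetric key per echo server used with HMAC-SHA256 and a QUIT packet carrying a one-byte error code, sketched together as an added example that is not code from the thread or from Nping. The field layout, the type value and the error codes are assumptions made for illustration; they are not taken from protocolDescribe.txt.

```python
import hashlib
import hmac
import secrets
import struct

# Hypothetical QUIT layout (an assumption, not the layout in protocolDescribe.txt):
#   version(1) | type(1) | error_code(1) | reserved(1) | sequence(4) | HMAC-SHA256 tag(32)
HEADER = struct.Struct("!BBBBI")
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes
TYPE_QUIT = 0x05                        # constructed value
ERR_NONE, ERR_AUTH_FAILED, ERR_TIMEOUT = 0, 1, 2  # constructed error codes


def generate_server_key() -> bytes:
    """One symmetric key per echo server. 256 random bits from the OS CSPRNG
    puts the key out of reach of the brute-force search mentioned above."""
    return secrets.token_bytes(32)


def build_quit(key: bytes, sequence: int, error_code: int) -> bytes:
    """Serialize a QUIT packet and append an HMAC-SHA256 tag over the header."""
    header = HEADER.pack(1, TYPE_QUIT, error_code, 0, sequence)
    tag = hmac.new(key, header, hashlib.sha256).digest()
    return header + tag


def parse_quit(key: bytes, packet: bytes):
    """Return (sequence, error_code) for an authentic QUIT packet, else None.

    The tag is verified before any header field is trusted, and the
    comparison is constant-time so the check does not leak how many
    leading tag bytes matched."""
    if len(packet) != HEADER.size + TAG_LEN:
        return None
    header, tag = packet[:HEADER.size], packet[HEADER.size:]
    expected = hmac.new(key, header, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    version, ptype, error_code, _reserved, sequence = HEADER.unpack(header)
    if version != 1 or ptype != TYPE_QUIT:
        return None
    return sequence, error_code
```

A real protocol would also bind each tag to a per-session nonce or a monotonically checked sequence number so that a captured packet cannot simply be replayed; this sketch only covers integrity and origin.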