Vulnerability Development mailing list archives

Re: spoofing the ethernet address


From: dimitrios.petropoulos () REUTERS COM (Dimitrios Petropoulos x9234 Singer / 4)
Date: Wed, 8 Mar 2000 10:28:41 +0000


One helpful measure would be to implement the authentication in the
network hardware to reduce CPU usage. However, a real solution to this
class of attack is needed.


I think the point here is that verifying a MAC address might not be very
useful to a remote host who only knows its peer by IP address (MACs are
only useful on a LAN but not at the internet level). On the other hand, if MAC
*and* IP addresses are bound with a certificate then each time a host is
reconfigured with a different address (either IP because it's moved between
networks or MAC because a different NIC is installed) the certificate will
be invalidated.

Furthermore, authentication protocols involve real-time exchange of
messages which do not necessarily fit in with models where communication is
sometimes one way or connectionless. In challenge-response protocols a
verifier has to provide the challenge in order to be convinced of a
claimant's identity (otherwise there's no variant parameter in the message
and therefore messages from other protocol executions can be replayed). A
typical exchange would be

- A identifies itself to B
- B challenges A to prove its identity (e.g. sends random number)
- A responds to the challenge (e.g. sign random number with private key)
- B verifies the response (e.g. verifies signature using A's public key)

(assuming a valid copy of A's public key is available to B)

The above does not always fit very well in situations where a communication
between parties consists of e.g. only one message or is of connectionless
nature. For established communications this is taken care of in higher
levels (network level or higher).

Regards,
Dimitrios

-----------------------------------------------------------------
        Visit our Internet site at http://www.reuters.com

Any views expressed in this message are those of  the  individual
sender,  except  where  the sender specifically states them to be
the views of Reuters Ltd.
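
The four-step exchange listed in the message above, as an added example that is not part of the original post: it shows a response captured in one protocol run being rejected in the next, and a challenge-free message verifying every time it is replayed. Assumptions: an HMAC over a shared secret stands in for the private-key signature (Python's standard library has no public-key signing), and `KEY_A`, `respond`, `Verifier` and `demo` are hypothetical names.

```python
import hashlib
import hmac
import secrets

# Constructed demo key. Assumption: a shared-secret HMAC replaces the
# private-key signature described in the post.
KEY_A = secrets.token_bytes(32)


def respond(key, identity, challenge):
    """Claimant A: bind its identity and B's challenge into the response."""
    return hmac.new(key, identity + b"|" + challenge, hashlib.sha256).digest()


class Verifier:
    """Verifier B: issues a fresh challenge and accepts it at most once."""

    def __init__(self, known_keys):
        self.known_keys = known_keys   # identity -> key material
        self.pending = {}              # identity -> outstanding challenge

    def challenge(self, identity):
        nonce = secrets.token_bytes(16)    # the "variant parameter"
        self.pending[identity] = nonce
        return nonce

    def verify(self, identity, response):
        nonce = self.pending.pop(identity, None)   # one-time use
        key = self.known_keys.get(identity)
        if nonce is None or key is None:
            return False
        return hmac.compare_digest(response, respond(key, identity, nonce))

    def verify_static(self, identity, response):
        """Weak variant: no challenge, so an old message stays valid."""
        key = self.known_keys.get(identity)
        expected = respond(key, identity, b"") if key else b""
        return key is not None and hmac.compare_digest(response, expected)


def demo():
    b = Verifier({b"A": KEY_A})
    captured = respond(KEY_A, b"A", b.challenge(b"A"))   # run 1, seen on the wire
    fresh = b.verify(b"A", captured)
    b.challenge(b"A")                                    # run 2: new challenge
    replay = b.verify(b"A", captured)                    # old response resent
    static = respond(KEY_A, b"A", b"")
    static_ok = all(b.verify_static(b"A", static) for _ in range(2))
    return {"fresh": fresh, "replay": replay, "static_replay": static_ok}
```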

