bedouglas at earthlink.net
Tue Jun 7 16:20:13 UTC 2005
which all of this gets back to what i was discussing yesterday, regarding
knowing that the site you're trying to talk to is the right site! and being
able to do this from both the client/server side...
in reality, it's become clear that you need to really be able to encrypt the
client ip address, and send this information to the server. at the same
time, the server needs to be able to do this, and send it to the client.
each of these pieces of information are then presented to the cleint
browser, so the user can more or less determine that they're actually
dealing with the right machine/site...
this would/should in essence provide a reasonable approach to detecting a
now, for this to work.. there would have to be an additional client
side/server side app that examines the transaction/data stream/ip addresses
to determine where the traffic is coming from, and to more or less
validate/match the ip addresses with what the client/server expects..
From: fedora-list-bounces at redhat.com
[mailto:fedora-list-bounces at redhat.com]On Behalf Of Andy Green
Sent: Tuesday, June 07, 2005 9:04 AM
To: For users of Fedora Core releases
Subject: Re: tcp/routing question...
-----BEGIN PGP SIGNED MESSAGE-----
| which means that a mitm attack would have to appear to be both the
| client/server to the actual server/client...
| but if what you say is true... then mitm attacks aren't really
| a server/app in the middle of the client/server.
| keep in mind, i'm not sure this kind of attack is really worth worrying
| about. but i am concerned.
Scot's short answer is "yes, but" where my short answer is "no", but we
are saying the same thing. As Scot said, if you have really intercepted
the bank's network so you can proxy their traffic, then you can do these
If the situation is that the hopeful MITM machine is somewhere random on
the Internet and does not control the client or the bank's machines or
There are so many ways to pervert communication that there is always a
residual chance that you are totally hacked already and just can't tell.
~ For example, any upstream in Fedora could have been compromised and we
are all compromised right now: you can't disprove it. You just have to
throw up your hands in the end.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
fedora-list mailing list
fedora-list at redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
More information about the users