tcp/routing question...

Bruno Wolff III bruno at wolff.to
Wed Jun 8 18:02:13 UTC 2005


On Wed, Jun 08, 2005 at 11:36:29 +0800,
  Lai Zit Seng <lzs at pobox.com> wrote:
> On Tue, 7 Jun 2005, Scot L. Harris wrote:
> 
> >On Tue, 2005-06-07 at 19:34, Lai Zit Seng wrote:
> >>
> >>In practice, there are many ways to do this, so it's actually not terribly
> >>difficult. E.g. one could subvert the DNS so that the client
> >>unwittingly connects to the wrong server.
> >
> >Agreed there are several different ways to attempt a man in the middle
> >attack.  None of them are what I would call easy to do.  :)
> 
> Actually... sure it may not be "trivial", but at the same time it is not 
> all that difficult.

Unless the person is using a broken resolver (which allows for cache poisoning
attacks to work) this isn't going to be easy. You either need to
be able to intercept their network traffic and perform a MitM attack
(which corrupting DNS was proposed to be easier than) or do blind spoofing,
which is generally going to have a very small chance of working (smaller
with some resolvers than others) and will leave a signature if you try
to flood lots of guesses and/or do anything to the real DNS server to
prevent it from sending legit packets.
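
[Added example, not part of the original message: a sketch of how the "signature" of flooded guesses mentioned above could be spotted from the resolver side, by counting replies that arrive for a pending query with the wrong DNS transaction ID. The event format, names, threshold and window are assumptions made for illustration, and the sample events are constructed.]

```python
from collections import defaultdict

def find_guess_floods(events, threshold=5, window=2.0):
    """Return {qname: count} for names that drew many wrong-ID replies.

    events: (time_s, "query" | "reply", txid, qname) tuples as a sensor in
    front of a resolver might record them (hypothetical format).
    """
    pending = {}                   # qname -> (txid, time the query was sent)
    mismatches = defaultdict(int)  # qname -> replies carrying a wrong txid
    for ts, kind, txid, qname in sorted(events):
        if kind == "query":
            pending[qname] = (txid, ts)
        elif qname in pending:
            want, sent = pending[qname]
            if ts - sent > window:
                del pending[qname]       # query timed out; ignore stale reply
            elif txid == want:
                del pending[qname]       # legitimate answer closes the query
            else:
                mismatches[qname] += 1   # a wrong guess at the transaction ID
    return {q: n for q, n in mismatches.items() if n >= threshold}

# Constructed sample traffic (not real captures).
EVENTS = [(0.0, "query", 0x1A2B, "www.example.com")]
# Twenty replies with sequentially guessed IDs, none of them correct.
EVENTS += [(0.001 * i, "reply", i, "www.example.com") for i in range(1, 21)]
EVENTS += [
    (0.05, "reply", 0x1A2B, "www.example.com"),   # the real answer
    (1.00, "query", 0x0042, "mail.example.com"),  # ordinary lookup
    (1.03, "reply", 0x0042, "mail.example.com"),
    (2.00, "query", 0x0007, "ftp.example.com"),
    (2.01, "reply", 0x0008, "ftp.example.com"),   # one stray mismatch only
    (2.02, "reply", 0x0007, "ftp.example.com"),
]

if __name__ == "__main__":
    for name, count in find_guess_floods(EVENTS).items():
        print(f"possible blind spoofing attempt: {name} ({count} wrong IDs)")
```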
