[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: tcp/routing question...



On Tue, 7 Jun 2005, Scot L. Harris wrote:

On Tue, 2005-06-07 at 19:34, Lai Zit Seng wrote:
On Tue, 7 Jun 2005, Scot L. Harris wrote:

The difficulty is in getting a system inserted into such a position.  It
typically requires physically inserting a system in the path unless the
attacker is able to mess with the end systems proxy settings and
redirect things that way.

In practice, there are many ways to do this, so it's actually not terribly difficult. E.g. one could subvert the DNS so that the client unwittingly connects to the wrong server.

Agreed there are several different ways to attempt a man in the middle attack. None of them are what I would call easy to do. :)

Actually... sure it may not be "trivial", but at the same time it is not all that difficult.


There much easier ways to attempt to break into systems.

That is true. And the attacker will (or at least ought to!) choose the weakest link, considering also the type of expertise he has.


Just because something is difficult for some people doesn't mean it is difficult for others. An analogy: Many ways to break into a house. Not everyone knows how to pick a lock... so perhaps it is easier to break the glass window. But someone else with lock picking skills would probably prefer picking the lock (preferred because no glass breaking noise to attract attention).

Breaking into computers could be similar. There are people with network expertise. They know how to subvert DNS. Or they know how to inject routes. Or they know where to find tools to do ARP spoofing. Otoh, someone else may have more skills with buffer overflowing SSH daemons, or mangling URLs to the webserver, etc. Ah, and then yet someone else might have even better social engineering skills :)

Furthermore, consider an attacker who has some motivation (e.g. monetary...) to break into the system. If he doesn't have the skills... he will find out, or he will find someone to do it, etc.

The more likely vector for attacks are inside personnel and poor
security procedures (bad passwords, sloppy firewall rules, etc.).

That's happens very often, I agree :)

Regards,

.lzs
--
http://zitseng.com/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]