RE: MiM Simultaneous close attack

From: David Schwartz (davidsat_private)
Date: Fri Aug 17 2001 - 11:11:39 PDT

Next message: Dom De Vitto: "RE: MiM Simultaneous close attack"

Previous message: big bon: "RE: MiM Simultaneous close attack"
In reply to: Malcolm Jack: "RE: MiM Simultaneous close attack"
Next in thread: Dom De Vitto: "RE: MiM Simultaneous close attack"
Next in thread: big bon: "RE: MiM Simultaneous close attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Excuse my ignorance, but wouldn't a switched network be a remedy for this
> attack?  Unless you are using some type of 'port mirroring' functionality
> (at the switch) the attacking computer sitting in promiscuous mode would
> only hear broadcast traffic.  Right? Or am I missing something?

	The attack issue is that if a certain packet is sent, the two hosts will
get into an endless loop. How hard or easy it is to send that packet
mitigates the attack but doesn't remedy it. To remedy it, the behavior in
response to that packet would have to change. Staying out of the jungle
isn't a remedy for malaria.

	DS

Next message: Dom De Vitto: "RE: MiM Simultaneous close attack"
Previous message: big bon: "RE: MiM Simultaneous close attack"
In reply to: Malcolm Jack: "RE: MiM Simultaneous close attack"
Next in thread: Dom De Vitto: "RE: MiM Simultaneous close attack"
Next in thread: big bon: "RE: MiM Simultaneous close attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Aug 17 2001 - 15:35:17 PDT