Re: Would an encrypted tunnel solve the SeqNo guessing attack?

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: jweiss@MIT.EDU: "Re: Athena Wide Systems by MIT..."
• Previous message: Michael Shanzer: "Re: Athena Wide Systems by MIT..."
• Maybe in reply to: Bennett Todd: "Would an encrypted tunnel solve the SeqNo guessing attack?"

> I'm not keen on the idea of people grabbing my telnet session away from me
> and making free with it. I'm resigned to the notion that they can steal
> it; I'd like to make it useless to them once they've got it.
> 
> Suppose I took term (a multiplexing, compressing, error-correcting serial
> tunnel program) and added encryption, and rigged that to be my login shell.
> I'd log in to the computer, and after my S/Key prompt it'd fire up an
> encrypted term. I don't see any way some could burgle in through that.
> 
> Have I missed something fundamental here? Or would this work?

Encrypting will defeat the attack; however, different methods of
encrypting will have different properties. 

If you encrypt at application level, above TCP, someone who tries
to inject garbage will perpetrate a denial of service attack on you.
If you encrypt below TCP, garbage will be rejected, and the normal
TCP retransmission mechanisms will recover.

• Next message: jweiss@MIT.EDU: "Re: Athena Wide Systems by MIT..."
• Previous message: Michael Shanzer: "Re: Athena Wide Systems by MIT..."
• Maybe in reply to: Bennett Todd: "Would an encrypted tunnel solve the SeqNo guessing attack?"