Re: what are realistic threats?
> Okay, let me ask a very specific question, one that my original posting
> asked in an obscure and elliptical way. The question is, How realistic
> a threat are active attacks? I'm talking about the kind of attack
> where you interpose your machine on a wire and can intercept, replace,
> or change messages. (Passively listening and then replaying messages
> or pretending to be someone else are also active attacks, I guess, but
> I'm primarily concerned with those that require physical access to the
> network.)
This sort of attack is not as difficult as you might think. It is not
especially more difficult than conducting a wiretap on an analog line.
If the rewards for doing so are sufficiently high, there will be plenty
of people who will mount this sort of attack. To be more specific:
when the amount of money or goods that can be stolen in a short time
period by this sort of attack reaches the US$100k to US$250k range, then
this attack will become commonplace.
Please worry about this right from the start, if at all possible.
Best,
-Mike Muuss
Leader, Advanced Computer Systems Team
Survivability and Lethality Analysis Directorate
The US Army Research Laboratory
Attn: AMSRL-SL-BV
APG, MD 21005-5068 USA
<Mike @ ARL.MIL>
410-278-6678 Voice
410-278-6656 Secretary
410-278-5058 FAX