Re: what are realistic threats?

• To: Dave Kristol <dmk@allegra.att.com>
• Subject: Re: what are realistic threats?
• From: Mike Muuss <mike@arl.mil>
• Date: Wed, 28 Sep 94 3:02:32 GMT
• Cc: www-buyinfo@allegra.att.com, www-security@ns1.rutgers.edu, zurko@osf.org
• Reply-To: Mike Muuss <mike@arl.mil>

> Okay, let me ask a very specific question, one that my original posting
> asked in an obscure and elliptical way.  The question is, How realistic
> a threat are active attacks?  I'm talking about the kind of attack
> where you interpose your machine on a wire and can intercept, replace,
> or change messages.  (Passively listening and then replaying messages
> or pretending to be someone else are also active attacks, I guess, but
> I'm primarily concerned with those that require physical access to the
> network.)

This sort of attack is not as difficult as you might think.  It is not
especially more difficult than conducting a wiretap on an analog line.

If the rewards for doing so are sufficiently high, there will be plenty
of people who will mount this sort of attack.  To be more specific:
when the amount of money or goods that can be stolen in a short time
period by this sort of attack reaches the US$100k to US$250k range, then
this attack will become commonplace.

Please worry about this right from the start, if at all possible.

	Best,
	 -Mike Muuss

	  Leader, Advanced Computer Systems Team
	  Survivability and Lethality Analysis Directorate
	  The US Army Research Laboratory
	  Attn: AMSRL-SL-BV
	  APG, MD  21005-5068  USA

	  <Mike @ ARL.MIL>

	  410-278-6678 Voice
	  410-278-6656 Secretary
	  410-278-5058 FAX

• Re: what are realistic threats?
• From: hallam@dxal18.cern.ch

• Previous: re: what are realistic threats? (second issue) -Reply
• Next: Re: what are realistic threats?
• Index(es):
  • Index
  • Thread