[Previous] [Next] [Index]
[Thread]
re: what are realistic threats
[This posting is a response to multiple previous postings.]
Jeffrey I. Schiller <jis@mit.edu> says:
> How realistic an active attack is depends on what you call an active
> attack. I have seen programs that permit me to have a TCP connection to
> you and yet provide an arbitrary IP source address. I may not be able
> to see your responses, but I can feed you a lot of data that you will
> believe originated from the claimed IP address.
Yeah, I've had a hard time defining just what I mean. Let me try this
approach. Let me define a "software" attack as one that I can mount from
the comfort of my workstation. I would have superuser privilege and be
able to spoof IP addresses. Let me define a "hardware" attack as one
where I have to change the network configuration, perhaps by sticking a
box in-between two pieces of the network that are connected directly.
Given these definitions, an "active" attack is the same as a "hardware"
attack.
Gary Gaskell <gaskell@dstc.qut.edu.au> says:
> To some up.
> If an attack is known, it is possible, and a threat should not be leftt
> open. The problem maybe, as authentication protocols have shown, it is
> near impossible to say something is secure (similar to saying your code
> has no bugs!)
I agree in principle. ["When you say that you agree to a thing in
principle you mean that you have not the slightest intention of
carrying it out in practice." -- Bismarck] But I think there are two
gotchas:
1) Strong encryption in many cases implies public key systems. Such
systems haven't been deployed yet for two reasons (IMO): patent
questions and key management.
2) Not all applications may warrant the (admittedly desirable) stronger
security.
As has been said here and elsewhere, I suspect the decision will come
down to economics: How much money will be lost? By whom? How
tolerant are they of such losses.
Mike Muuss <mike@arl.mil> says:
> This sort of attack is not as difficult as you might think. It is not
> especially more difficult than conducting a wiretap on an analog line.
That seems pretty hard to me. Any idea how often they're done by non-
governmental people? [... since we know we can trust the government to
behave.]
>
> If the rewards for doing so are sufficiently high, there will be plenty
> of people who will mount this sort of attack. To be more specific:
> when the amount of money or goods that can be stolen in a short time
> period by this sort of attack reaches the US$100k to US$250k range, then
> this attack will become commonplace.
I wonder if the amount to be stolen from a WWW server is likely to reach
these levels "in a short time". Of course, if someone can collect credit
card numbers, the amount could add up quickly.
David M. Kristol
AT&T Bell Laboratories
Follow-Ups: