re: what are realistic threats

• To: dmk@allegra.att.com (Dave Kristol)
• Subject: re: what are realistic threats
• From: shirey@mitre.org (Robert W. Shirey)
• Date: Thu, 29 Sep 94 13:20:37 EDT
• Cc: www-buyinfo@allegra.att.com, www-security@ns1.rutgers.edu
• Reply-To: shirey@mitre.org (Robert W. Shirey)

At  9:00 AM 9/29/94 -0400, Dave Kristol wrote:

>
>Okay, I stand corrected.  There's still one class of stuff that seems
>to fall in a gray area:  bogus packets introduced by an adversary, such
>as for replay attacks or to otherwise fool a host.  Your definition
>only makes that an *active attack* if it actually affects system
>operation.  The packets were no doubt MEANT to affect system operation,
>but perhaps countermeasures thwart the attack.  I think the definition
>of *active attack* should reflect intent, not success.

That's a thoughtful comment, for which I thank you.  It reminds me of how
X.400 series documents use the term "intended recipient" when referring to
addressing messages, rather than recipient.  You don't know when you send
it that it will in fact be received.

• Previous: Re: what are realistic threats?
• Next: Re: what are realistic threats -Reply
• Index(es):
  • Index
  • Thread