<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: Suggestions for changes/improvements for the CIPE protocol
From: Ganesh Sittampalam <ganesh,AT,earth,DOT,li>
Date: Mon, 28 Oct 2002 19:24:55 +0100
In-reply-to: <Pine.LNX.4.33L2.0210210941470.693-100000@ida.rowland.org>

On Mon, 21 Oct 2002 09:44:18 -0400 (EDT), Alan Stern
<stern,AT,rowland,DOT,harvard,DOT,edu> wrote:

>could not encrypt the forged address.  An objection is that often a
>host does not know its own UDP address (if it is behind a firewall
>that uses NAT, for example).  That presents no difficulty; we can add
>a field to the echo-reply packet which should contain the sending UDP
>address of the corresponding echo-request.  Thus a host can learn its
>UDP address simply by asking its peer.  However, I believe this whole

This is just as vulnerable to the man-in-the-middle attack where the
attacker can substitute packets, however. The machine that didn't know its
own UDP address would have to at least have some idea of what could be a
correct UDP address and what couldn't.


<< | Thread Index | >> ]    [ << | Date Index | >> ]