
List:       debian-security
Subject:    Re: DSA for CVE-2016-5696 (off-path blind TCP session attack)
From:       Dylan Frese <dmfrese () gmail ! com>
Date:       2016-08-16 19:40:35
Message-ID: CAL7Q8Rz2xCVJcwSkrFvzFUTjNzf7eqp0B5b425zOwewrSH9RSQ () mail ! gmail ! com

An 'in-path' TCP session attack is typically called being
man-in-the-middled or MitM'd. Encrypted and signed transport security
protocols, e.g., SSL, TLS, SSH, thwart this, and prevent guessing a
sequence number from doing anything more than a DoS by resetting the
connection. But someone who's man-in-the-middling you can DoS you anyway,
by just not sending the packets they intercept to their destination.

On Tue, Aug 16, 2016 at 2:33 PM, Elmar Stellnberger <estellnb@gmail.com>
wrote:

> Has anyone ever thought of an in-path TCP session attack and of
> encrypting sequence numbers by a given secret negotiated in advance between
> both endpoints? If an intelligence service ever wanted to do so I guess
> they could drive an in-path attack against TCP (as they tend to sit on the
> internet backbones everywhere they could easily listen to all packets that
> pass by.).
>
>
> On 2016-08-15 at 20:42, Sam Morris wrote:
>
>> On Fri, 12 Aug 2016 17:46:56 +0200, Jakub Wilk wrote:
>>
>>> * Salvatore Bonaccorso <carnil@debian.org>, 2016-08-12, 17:35:
>>>
>>>> mitigation could be used as per https://lwn.net/Articles/696868/ .
>>>>
>>>
>>> This is behind paywall at the moment.
>>>
>>
>> Anyone who wishes to read this may use the following link:
>>
>> https://lwn.net/SubscriberLink/696868/4d074b4d12dcb3dc/
>>
>> And if you like the article, consider subscribing to LWN! Now that I
>> think about it, I'm pretty sure there's a group membership available to
>> all DDs anyway.
>>
>>
>


-- 
OpenPGP Public Key Fingerprint: A1BE CD54 A9B9 ADDB EE8B  35E5 1F6D 61B4
0C5E 2AB



