Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: news story and router passwords

From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Sat, 14 Oct 2000 21:07:27 +0200
Just a quick addition there, IP based authentication cannot secure the
machine on a compromised network, since if the intruder can sniff the
passwords from a session, he can also sniff the TCP sequence numbers and
therefore successfully spoof a connection from the same location.


Or, slightly less complicated but may not work: DoS secure network node,
down eth0, switch IP to secure network node, up eth0.


If you're going to use IP limited authentication, you must ensure that the
connection between that IP and the router you're admining is not
sniffable...of course, this defeats the entire point of worrying about
your password being sniffed :)


SSH + firewall limited ip access makes up a hard nut to crack though.

(however, merely limited ip access will stop most scriptkids! ;)

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

             http://www.eff.org/cafe
Previous By Date Next
Previous By Thread Next

Current thread: