Vulnerability Development mailing list archives
Re: news story and router passwords
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Sat, 14 Oct 2000 21:07:27 +0200
Just a quick addition there, IP based authentication cannot secure the machine on a compromised network, since if the intruder can sniff the passwords from a session, he can also sniff the TCP sequence numbers and therefore successfully spoof a connection from the same location.
Or, slightly less complicated but may not work: DoS secure network node, down eth0, switch IP to secure network node, up eth0.
If you're going to use IP limited authentication, you must ensure that the connection between that IP and the router you're admining is not sniffable...of course, this defeats the entire point of worrying about your password being sniffed :)
SSH + firewall limited ip access makes up a hard nut to crack though. (however, merely limited ip access will stop most scriptkids! ;) ..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team http://www.eff.org/cafe
Current thread:
- Re: news story and router passwords Vachon, Scott (Oct 12)
- Re: news story and router passwords Richard Johnson (Oct 14)
- Re: news story and router passwords Mark Teicher (Oct 15)
- Re: news story and router passwords Talisker (Oct 16)
- Re: news story and router passwords Mark Teicher (Oct 16)
- Re: news story and router passwords Mark Teicher (Oct 15)
- Re: news story and router passwords Richard Johnson (Oct 14)
- <Possible follow-ups>
- Re: news story and router passwords none none (Oct 12)
- Re: news story and router passwords Mr Rufus Faloofus (Oct 12)
- Re: news story and router passwords Vitaly McLain (Oct 13)
- Re: news story and router passwords bugtraq (Oct 13)
- Re: news story and router passwords antirez (Oct 14)
- Re: news story and router passwords Bluefish (P.Magnusson) (Oct 14)
- Re: news story and router passwords bug tracker (Oct 14)
- Re: news story and router passwords Mark Teicher (Oct 14)
- Re: news story and router passwords Lincoln Yeoh (Oct 15)
- Re: news story and router passwords Mark Teicher (Oct 14)