
Re: DSA for CVE-2016-5696 (off-path blind TCP session attack)



An 'in-path' TCP session attack is typically called being man-in-the-middled or MitM'd. Encrypted and signed transport security protocols, e.g., SSL, TLS, SSH, thwart this, and prevent guessing a sequence number from doing anything more than a DoS by resetting the connection. But someone who's man-in-the-middling you can DoS you anyway, by just not sending the packets they intercept to their destination.

On Tue, Aug 16, 2016 at 2:33 PM, Elmar Stellnberger <estellnb@gmail.com> wrote:
Has anyone ever thought of an in-path TCP session attack and of encrypting sequence numbers by a given secret negotiated in advance between both endpoints? If an intelligence service ever wanted to do so, I guess they could drive an in-path attack against TCP (as they tend to sit on the internet backbones everywhere, they could easily listen to all packets that pass by).


On 2016-08-15 at 20:42, Sam Morris wrote:
On Fri, 12 Aug 2016 17:46:56 +0200, Jakub Wilk wrote:

* Salvatore Bonaccorso <carnil@debian.org>, 2016-08-12, 17:35:
mitigation could be used as per https://lwn.net/Articles/696868/ .

This is behind a paywall at the moment.

Anyone who wishes to read this may use the following link:

https://lwn.net/SubscriberLink/696868/4d074b4d12dcb3dc/

And if you like the article, consider subscribing to LWN! Now that I
think about it, I'm pretty sure there's a group membership available to
all DDs anyway.





--
OpenPGP Public Key Fingerprint: A1BE CD54 A9B9 ADDB EE8B  35E5 1F6D 61B4 0C5E 2AB

