At 08:57 PM 10/17/2001 -0600, you wrote:

> > A fully-encrypted connection would nearly eliminate the possibility of a
> > man-in-the-middle attack either hijacking the session or surreptitiously
> > switching bits mid-stream and changing the traffic on the fly.
>
> A man-in-the-middle attack is not easy to pull off. If you can show me
> why some person would be incented to attack someone like this, then
> maybe there is a case for it.

I have (of course) two things to add here.. ;)

#1 To the first fella.. encrypted data transfer does not prevent a man in the middle attack if there is any kind of authentication going on. At some point the client and server have to trade keys. At this point the data can be snooped (in the case of an exchange of plaintext, passwords for instance) or hijacked (in the case of something like Diffie-Hellman). The only way to really stop a MitM attack is to use some form of public key cryptography, and verify that you have the correct key through multiple, independent sources.. say call Jack on the phone and verify the key fingerprint; this is only truly secure however if you know Jack's voice and can be sure he doesn't have a gun to his head.. ;)

#2 To Jack.. Anyone who has an interest in promoting their station above others has an interest in this. If they can either (as currently) lie about listener counts to rocket to the top of the list, or (in a listener count-less system) do something like hijack or fake out other connections to say.. blank out the correct URL, or update the server with meaningless data, they'll do it.

--- >8 ----
List archives: http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request@xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
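The two situations described in the message above, as an added worked example that is not part of this thread and not icecast code: a plain Diffie-Hellman exchange between a stream source and a directory server with "Mallory" relaying on the wire, and the same exchange with the server's value signed by a long-term key whose fingerprint the source has pinned after checking it out of band (the "call Jack on the phone" step). The party names, the four-tuple wire message, the private exponents and the key sizes are all constructed assumptions; the DH group and the textbook RSA key are deliberately toy-sized so the script runs instantly offline, and nothing here is fit for real use.

```python
"""Encryption alone vs. an out-of-band-verified key under an active attacker.

Added example, not icecast code. Toy parameters: a 127-bit DH prime and a
textbook (unpadded) RSA key built from two fixed Mersenne primes. Real systems
use 2048-bit groups or curves and real signature schemes.
"""
import hashlib

P = 2**127 - 1   # Diffie-Hellman modulus (a Mersenne prime); toy-sized
G = 2            # generator

# Directory server's long-term signing key (constructed, toy-sized).
_p, _q = 2**61 - 1, 2**89 - 1
RSA_N, RSA_E = _p * _q, 65537
RSA_D = pow(RSA_E, -1, (_p - 1) * (_q - 1))


def dh_pub(priv):
    return pow(G, priv, P)


def dh_key(peer_pub, priv):
    """Session key = SHA-256 of the DH shared secret (secret < 2**127, so 16 bytes)."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def fingerprint(n, e):
    """Short hash of a public key: the value you read out over the phone."""
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()[:16]


def sign(d, n, msg):
    return pow(int.from_bytes(hashlib.sha256(msg).digest(), "big") % n, d, n)


def verify(n, e, msg, sig):
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


# What the source operator pinned after verifying it out of band.
PINNED_SERVER_FP = fingerprint(RSA_N, RSA_E)


def unauthenticated_exchange(src_priv, srv_priv, mal_priv):
    """Plain DH with Mallory on the wire. She replaces both public values with her
    own, so each side unknowingly shares a key with her, not with its peer."""
    mal_pub = dh_pub(mal_priv)
    src_key = dh_key(mal_pub, src_priv)              # source believes this is the server
    srv_key = dh_key(mal_pub, srv_priv)              # server believes this is the source
    mal_src_key = dh_key(dh_pub(src_priv), mal_priv)  # Mallory's key toward the source
    mal_srv_key = dh_key(dh_pub(srv_priv), mal_priv)  # Mallory's key toward the server
    return src_key, srv_key, mal_src_key, mal_srv_key


def authenticated_exchange(src_priv, srv_priv, pinned_fp, tamper=None):
    """Signed DH. Server sends (n, e, dh_pub, sig); the source checks the signing
    key's fingerprint against the pinned one, then the signature, before deriving
    a key. `tamper` lets Mallory rewrite the message. Returns the source's key,
    or None if the source aborts."""
    srv_pub = dh_pub(srv_priv)
    msg = (RSA_N, RSA_E, srv_pub, sign(RSA_D, RSA_N, srv_pub.to_bytes(16, "big")))
    if tamper:
        msg = tamper(msg)
    n, e, pub, sig = msg
    if fingerprint(n, e) != pinned_fp:
        return None   # not the key verified over the phone
    if not verify(n, e, pub.to_bytes(16, "big"), sig):
        return None   # DH value changed after it was signed
    return dh_key(pub, src_priv)


def mallory_swaps_key(mal_priv):
    """Mallory substitutes her own (self-signed) signing key and DH value."""
    mp, mq = 2**107 - 1, 2**127 - 1   # Mallory's own toy RSA key
    mn, md = mp * mq, pow(65537, -1, (mp - 1) * (mq - 1))
    mal_pub = dh_pub(mal_priv)
    return lambda _msg: (mn, 65537, mal_pub, sign(md, mn, mal_pub.to_bytes(16, "big")))


def demo():
    src, srv, mal = 123456789, 987654321, 555555555   # constructed private exponents
    return {
        "plain": unauthenticated_exchange(src, srv, mal),
        "honest": authenticated_exchange(src, srv, PINNED_SERVER_FP),
        "swapped_key": authenticated_exchange(src, srv, PINNED_SERVER_FP,
                                             tamper=mallory_swaps_key(mal)),
        "altered_value": authenticated_exchange(src, srv, PINNED_SERVER_FP,
                                               tamper=lambda m: (m[0], m[1], dh_pub(mal), m[3])),
        "server_key": dh_key(dh_pub(src), srv),   # what the honest server derives
    }


if __name__ == "__main__":
    r = demo()
    s, v, ms, mv = r["plain"]
    print("plain DH: Mallory shares source key:", s == ms, "server key:", v == mv)
    print("signed DH honest:", r["honest"] == r["server_key"],
          "swapped key rejected:", r["swapped_key"] is None,
          "altered value rejected:", r["altered_value"] is None)
```

The first case is the point the message makes: with nothing but a key agreement, the "encrypted" session is readable and writable by whoever sat in the middle during the exchange, since each side derived its key with Mallory. The second case only helps as far as the pinned fingerprint is trustworthy; if the operator never verified it independently, pinning whatever key arrived first protects nothing.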
> #2 To Jack.. Anyone who has an interest in promoting their station above
> others has an interest in this. If they can either (as currently) lie
> about listener counts to rocket to the top of the list, or (in a listener
> count-less system) do something like hijack or fake out other connections
> to say.. blank out the correct URL, or update the server with meaningless
> data, they'll do it.

Performing a man-in-the-middle attack is quite difficult, certainly out of the range of many broadcasters. Maybe someone could do it, but it's easily noticeable. The chances of someone successfully attacking a target of their choice are quite slim in this system, unless they can assume control of the server machine or assume control of the source machine. In either of those situations, it would matter little what security method was used. The chances of randomly finding an attackable server (say by sniffing on your dorm network) are also slim. If this becomes a practical problem, there are certainly practical solutions. We can address it when we get there.

If changing data on your own stream is easy (which it always is) and it affects your listing, people will do it; I agree with you. There is little incentive (besides random mischief) to alter others. And doing so is sufficiently difficult for practical purposes and so I feel this is an effective measure. It's certainly far improved from what's being commonly used now, and if needed, we can add more.

Public keys are not really as easy to use as everyone would like. If needed it can be done. And I have no doubts that at some point something like this will get in there, but there's little reason to do so right now.

But like I said, these decisions and thoughts are based on common scenarios, both that I've seen happen, and that I have figured out on my own. Preventing those scenarios is my goal, not absolute security.

If you think there are scenarios that aren't being considered, or you feel strongly that sniffing attacks are sufficiently dangerous, then by all means speak up :) But I feel that for now we have 'enough' for current purposes. We can always change the amount.

jack.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Oct 17, 2001 at 08:57:13PM -0600, Jack Moffitt wrote:

> A man-in-the-middle attack is not easy to pull off. If you can show me
> why some person would be incented to attack someone like this, then
> maybe there is a case for it.

Two easy motivations. #1 is deliberate sabotage. Let's say my station is not doing so well in the listings. I go after those who are doing well, and mess with their streamed information. Maybe re-point their URLs to me in order to hijack new users. #2 would just be wanton vandalism. If an exploit is found, you can be sure the s'kiddies will use it just because they're s'kiddies.

> As it stands, if you want to change the data, it's much easier to break
> into the directory server itself than it would be to perform a man in
> the middle attack in my opinion. Or easier to break into the source
> computer and do it there.

Oh, I concur. Personally, I'd go after whoever is hosting the directory server and attempt to social engineer my way into access. But remember, that's actual work. My fear is the exploit-s'kiddie problem.

> I see no reason why anyone would go to such great lengths to alter the
> data in question.

I see no reason why anyone would constantly scan huge netblocks of cable modem users, looking for the occasional target to haX0r. But that doesn't stop the people who do.

And to Allen, yes, I know that it wouldn't stop all MitM attacks. That's why I said "nearly eliminate". Hell, I'd rather all traffic be fully IPSec'd (ESP + AH) all the time, but that's just not feasible. Frankly, I don't know if the data involved is worth the overhead of even an SSL connection, much less some full key-exchange method.

In the end, I'm just tossing out some ideas. I'm not the one who's actually going to code this, after all. :)

- --
"Nothing's the same anymore." - Cmdr. Jeffrey Sinclair, Babylon-5, "Chrysalis"

-----BEGIN PGP SIGNATURE-----
Comment: For info see http://www.gnupg.org

iD8DBQE7zlAsAmwSMwnpLHgRAmEQAJ9HO9FOIEHkYjTHGqYN+9oMpFP3ZQCaAxwL
Dchd5fHXKvzMUzikXbS7+mc=
=quuS
-----END PGP SIGNATURE-----
> A fully-encrypted connection would nearly eliminate the possibility of a
> man-in-the-middle attack either hijacking the session or surreptitiously
> switching bits mid-stream and changing the traffic on the fly.

A man-in-the-middle attack is not easy to pull off. If you can show me why some person would be incented to attack someone like this, then maybe there is a case for it.

As it stands, if you want to change the data, it's much easier to break into the directory server itself than it would be to perform a man in the middle attack in my opinion. Or easier to break into the source computer and do it there.

I see no reason why anyone would go to such great lengths to alter the data in question.

jack.
> My fear is the exploit-s'kiddie problem.

Are there common exploits for man-in-the-middle? I've never seen one. I've seen rootkits, crackers, DoS tools, etc. But never anything as sophisticated as mitm.

> I see no reason why anyone would constantly scan huge netblocks of cable
> modem users, looking for the occasional target to haX0r. But that doesn't
> stop the people who do.

This is different from mitm. Scanning and trying rootkits is trivial. mitm is not. It's a different kind of attack. It's probably one of the most sophisticated, and the most dangerous if pulled off in the right situations.

jack.