[ntp:questions] Re: server's address in ntp payload?
davids at webmaster.com
Sun Nov 27 21:39:55 UTC 2005
"Danny Mayer" <mayer at ntp.isc.org> wrote in message
news:4389126F.9030603 at ntp.isc.org...
> David Schwartz wrote:
>> Anyone who thinks you can use IP addresses to protect against MIM
>> attacks doesn't understand what a MIM attack is. The MIM can certainly
>> each end's IP address to the other machine.
> You need to understand its usage within the autokey protocol to
> understand that there's a lot more that goes into it than just the IP
> IP addresses are easy to spoof, but the usage within autokey
> is not.
That is a meaningless statement. If you mean that the autokey protocol
has security that has nothing to do with IP addresses that prevents MIM
attacks, you would be correct. However, the use of an IP address as a key
for lookups has nothing to do with autokey's MIM protection.
> You are confusing the addresses for their usage within the protocol.
No, I'm not. I'm simply saying that the IP address is of no use to
protect against a MIM. The algorithm would work exactly the same and just as
well without the IP address. A randomly chosen 32-bit number included in
every packet would protect against MIM-attacks equally well.
Part of the point of a MIM attack is to presume that the attacker has full
control over the IP addresses. A randomly-chosen 32-bit integer would do the
same thing and equally well be under control of the MIM.