On Thu, 14 Jul 2005, Bob Snyder wrote: > I don't see a problem with challenge/response, since there's no obscured > message there. The only issue I see is that you aren't protecting the > session, so after you authenticate, someone closer/stronger than you > could insert malicious commands into the stream. I've seen details of > man-in-the-middle exploits on the Internet where commands were inserted > in a telnet stream without the connecting station knowing by syncing up > sequence numbers and the like.
While I can see this as possible on amateur radio data streams, I'd think it unlikely for someone to want to bother with it due to the speeds we use. If we're talking 802.11a/b/g/h though it might be of a bit more interest to the black-hats. Still, you're usually talking about hams here, and I'd think few if any would be interested in doing this sort of attack on RF. On the internet there are a lot of bored individuals and commercial/ military/ government-sponsored hackers that would be more than happy to try to mess with you. If we're talking about packets that gate from RF to the internet then at least part of the stream is in that no-mans land where anything goes. In that case we need as much protection for the session and for authentication as we can get that is legally allowed on the RF side of things. -- Curt, WE7U. APRS Client Comparisons: http://www.eskimo.com/~archer "Lotto: A tax on people who are bad at math." -- unknown "Windows: Microsoft's tax on computer illiterates." -- WE7U "The world DOES revolve around me: I picked the coordinate system!" - To unsubscribe from this list: send the line "unsubscribe linux-hams" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
