Andy Shellam (Mailing Lists) wrote: > Hi Robert, > > Thanks for your description below but I'm still struggling to come to > terms with how NLG can be used to attack another site. > Firstly, my understanding of an XSS attack is of the following: > > - Client requests a page (eg. www.yahoo.com) > - Hacker strips the response packets off the wire and replaces them with > packets that have come from (eg. www.google.co.uk) > - Client receives www.google.co.uk as a result of hacker's actions >
That's a MITM (Man/Monkey In The Middle) attack. XSS is when your browser is fooled to request data from a server but thinks it's requesting it from a place it trusts. No browser can protect itself against MITM (barring encryption ofc, which doesn't work if the monkey holds the key). Securing layer 2 and 3 of network communication is the job of the kernel. -- Andreas Ericsson [EMAIL PROTECTED] OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null