marcelo bagnulo braun writes: > but the potential concern here is that the attacker can choose for which > established connection he wants to disable the encryption and eavesdrop. > if you protect the FIN and the RST bit, even with unauthticated key, it > is not possible to do this once the DH exchange has ocurred.
It is still active attack. With active attacks the attacker, can also act as man in the middle for every single connection if he feels like. To be able to pick one of the encrypted connections and only do man in the middle against that is not that big change. Also with active attack attacker can also simply drop all packets having suitable selectors, thus causing the connection to timeout and then he can again do the same attack. > I mean, if we protect the FIN and RST bit,s once the security > association between the endpoints has ocurred, an external attacker is > unable to disable the encryption, i believe. Not true. If he adds filter that will drop all those TCP packets, and then forces them to go to plain text connection (for example doing active attack and removing the tcpinc signaling), or act as man-in-the-middle. If you want to protect against active attack you need policy which will authenticate the other end and which do not allow any unauthenticated unencrypted connections between peer. For that kind of uses, you simply need to use TLS, IPsec or SSH... Note, that dropping all frames is easier if we enforce the tcp header protection, as attacker can simply configure one of the routers to do something for the header which will cause message authentication of the tcp header to fail. For example flip the PSH bit in router. This will most likely go unnoticed for unencrypted connections, but will break all connections that will try to verify the TCP header flags... -- [email protected] _______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc
