[Gllug] IP address changes
Jason Clifford
jason at ukfsn.org
Mon Nov 27 08:36:11 UTC 2006
On Sun, 26 Nov 2006, Alain Williams wrote:
> Yes - but getting the routing back would be interesting ... those packets
> intended for him vs those for the user.... hmmm, but I suppose that this
> is exactly what a natting firewall will do .... yes, you are right,
> it may not add much.
A man in the middle attack means that, by definition, the attacker is in a
place to intercept the packets and do whatever he wants.
> OK: let's turn the question around: is it worth protecting against session
> hijacking, if so how to do it ? I don't want the cost of https.
Nothing but encryption is real protection against mitm attacks. Anything
else is just another process for the attacker to enter into and if someone
really does care enough to do this you can be fairly sure they will jump
through those hoops.
Either go https or use a simple mechanism so as to make your life easier.
Jason
--
UKFSN.ORG Finance Free Software while you surf the 'net
http://www.ukfsn.org/ up to 8Mb ADSL Broadband from just £14.98
http://www.linuxadsl.co.uk/ ADSL routers from just £21.98
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list