[NNTP] Comments on draft-...-authinfo-03
Charles Lindsey
chl at clerew.man.ac.uk
Wed Sep 29 06:00:24 PDT 2004
In <20040928125558.GS79552 at finch-staff-1.thus.net> "Clive D.W. Feather" <clive at demon.net> writes:
>Jeffrey M. Vinocur said:
>>>> When the server's LIST
>>>> EXTENSIONS response arrives, the client TCP stack discards it as a
>>>> duplicate.
>>> Only if it's exactly the same length. If it isn't, the two ends will now
>>> be out of sync.
>>> Attacker sends "AUTHINFO SASL:WEAK" as the last item in the response.
>>> Server sends "AUTHINFO SASL:WEAK,MEDIUM,STRONG" as the last item.
>> *shrug* So the attacker sends "AUTHINFO SASL:WEAK FOOBAR GZNORT"
>> instead,
>Only if it knows the exact length of the string. Okay, it can make a
>separate connection to the server to see, but it's starting to get a bit
>threadbare as a threat.
But surely the attacker will wait till he has seen the server's attempt. I
am assuming that this "man in the middle" is receiving packets from the
server and normally passing them on to the client unchanged. When he sees
"AUTHINFO SASL:WEAK,MEDIUM,STRONG", he drops it on the floor and inserts
"AUTHINFO SASL:WEAK FOOBAR GZNORT" in its place.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
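
Added example, not part of the original message: the two capability lines quoted in the thread are the same length on the wire yet parse to different mechanism sets, so a matching length says nothing about integrity. The STRENGTH ranking and the "floor" policy are assumptions made for this illustration; WEAK, MEDIUM and STRONG are the thread's own placeholder names.

```python
# Added illustration; both lines are quoted verbatim from the message above.
SERVER_LINE = "AUTHINFO SASL:WEAK,MEDIUM,STRONG"
FORGED_LINE = "AUTHINFO SASL:WEAK FOOBAR GZNORT"

# Assumption: a client-local ranking, configured locally, never read off the wire.
STRENGTH = {"WEAK": 1, "MEDIUM": 2, "STRONG": 3}


def sasl_mechanisms(line):
    """Return the mechanisms in the SASL: argument of an AUTHINFO line."""
    tokens = line.split()
    if not tokens or tokens[0].upper() != "AUTHINFO":
        return []
    for arg in tokens[1:]:
        if arg.upper().startswith("SASL:"):
            return [m for m in arg[5:].upper().split(",") if m]
    return []


def same_wire_length(a, b):
    """True when swapping one line for the other keeps the byte count equal."""
    return len(a.encode("ascii")) == len(b.encode("ascii"))


def choose_mechanism(line, floor):
    """Pick the strongest known mechanism; fail closed below the floor."""
    known = [m for m in sasl_mechanisms(line) if m in STRENGTH]
    if not known:
        raise ValueError("no usable SASL mechanism advertised")
    best = max(known, key=STRENGTH.get)
    if STRENGTH[best] < STRENGTH[floor]:
        raise ValueError(f"best offered mechanism {best} is below floor {floor}")
    return best


if __name__ == "__main__":
    print(same_wire_length(SERVER_LINE, FORGED_LINE))
    print(sasl_mechanisms(SERVER_LINE), sasl_mechanisms(FORGED_LINE))
    print(choose_mechanism(SERVER_LINE, "MEDIUM"))
    try:
        choose_mechanism(FORGED_LINE, "MEDIUM")
    except ValueError as err:
        print("refused:", err)
```

A client that enforces a local floor refuses the altered list instead of silently authenticating with the weakest mechanism.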