[82145] in North American Network Operators' Group
Re: OMB: IPv6 by June 2008
daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Fri Jul 8 16:02:28 2005
In-Reply-To: <59A442ECD83D0F408ECEA3A84D3AE2EC03090BAD@bre2k26p>
Cc: "Alexei Roudnev" <alex@relcom.net>,
"NANOG list" <nanog@merit.edu>
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Thu, 7 Jul 2005 20:16:32 +0200
To: "Kuhtz, Christian" <christian.kuhtz@bellsouth.com>
Errors-To: owner-nanog@merit.edu

On 7-jul-2005, at 19:43, Kuhtz, Christian wrote:

>> If I'm on the same shared medium as you I can kill your SSL session
>> with one packet.

> Only if shared medium = vanilla CSMA/CD Ethernet or the like.

Or air.

If the medium isn't shared then if it's a thin pipe, it's subject to
DoS (I mean the type where you don't even need a zombie army) and if
it's a fat one, an attacker still gets to break the TCP sessions with
SSL running over them. (This requires a few million packets.)
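
An added example, not part of the original message: assuming the packets meant in the last paragraph are forged TCP RSTs, this sketch shows the receiver-side sequence check described in RFC 5961 section 3.2 and a counter that flags flows receiving many RSTs that miss the expected sequence number. The flow table, addresses, sequence numbers and threshold are constructed for illustration.

```python
from collections import Counter

MOD = 1 << 32  # TCP sequence numbers wrap at 2^32


def classify_rst(seq, rcv_nxt, rcv_wnd):
    """Handle an incoming RST the way RFC 5961 section 3.2 describes."""
    if seq == rcv_nxt:
        return "reset"           # exact match: the connection is torn down
    if (seq - rcv_nxt) % MOD < rcv_wnd:
        return "challenge_ack"   # in window, not exact: ACK and keep the session
    return "drop"                # outside the window: silently discarded


def flag_blind_resets(segments, flows, threshold=3):
    """Return flows that saw at least `threshold` RSTs not matching rcv_nxt.

    segments: iterable of (flow, rst_sequence_number)
    flows:    flow -> (rcv_nxt, rcv_wnd) as tracked by the receiver or a sensor
    """
    misses = Counter()
    for flow, seq in segments:
        rcv_nxt, rcv_wnd = flows[flow]
        if classify_rst(seq, rcv_nxt, rcv_wnd) != "reset":
            misses[flow] += 1
    return sorted(f for f, n in misses.items() if n >= threshold)


# Constructed sample state: two TLS flows (src, sport, dst, dport).
F1 = ("192.0.2.10", 51515, "198.51.100.7", 443)
F2 = ("192.0.2.11", 40000, "198.51.100.7", 443)
FLOWS = {F1: (4294967000, 65535), F2: (1000, 65535)}

# Constructed RST observations: F1 receives guesses, F2 a legitimate close.
SEGMENTS = [
    (F1, 100),          # in window after 32-bit wraparound
    (F1, 5000000),      # far outside the window
    (F1, 4294966999),   # one below rcv_nxt, outside the window
    (F1, 123456789),    # far outside the window
    (F2, 1000),         # exact match
]

if __name__ == "__main__":
    for flow, seq in SEGMENTS:
        print(flow, seq, classify_rst(seq, *FLOWS[flow]))
    print("flagged:", flag_blind_resets(SEGMENTS, FLOWS))
```

A stack that applies this check tears a session down only on an exact sequence match, and the per-flow miss count gives a sensor something to alert on while guesses are still arriving.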