[7114] in Kerberos
Re: Dial-In Servers and Kerberos
daemon@ATHENA.MIT.EDU (Josh M. Osborne)
Wed Apr 17 19:43:44 1996
To: Art Houle <houle@acns.fsu.edu>
Cc: "HARRY R. ERWIN" <herwin@osf1.gmu.edu>, Darren Reed <darrenr@cyber.com.au>,
kerberos@MIT.EDU
In-Reply-To: Your message of "Wed, 17 Apr 1996 16:14:12 EDT."
<Pine.SUN.3.91.960417160513.3468E-100000@acns.fsu.edu>
Date: Wed, 17 Apr 1996 19:24:54 -0400
From: "Josh M. Osborne" <stripes@va.pubnix.com>
In message <Pine.SUN.3.91.960417160513.3468E-100000@acns.fsu.edu>, Art Houle writes:
>On Wed, 17 Apr 1996, HARRY R. ERWIN wrote:
>> > It is, however, relatively easy to do Kerberos over a tty dialin, all
>> > you need to do is work out how your dialin `thing' is going to send
>> > Kerberos `packets' to your KDC.
>> >
>>
>> I know unencrypted dial-up access to a kerberized system means I'm already
>> damned.
>
>To steal info from someone else's dialup session, you need to tap the
>wires at the user premises, at the central office, at the answering
>equipment, or off the cables and none of these are easily available.
>Then you need to de-modulate the stream of tones with a pair of compatible
>modems that has been hacked at the system-ROM level by someone with
>knowledge of internal modem design. Far easier to bribe someone for the
>information than find a team of talented technical conspirators.
[...]
Or *far* simpler:
buy Ultra Call Forwarding from the RBOC, have the number of the modem
pool forwarded to you, use your own modem pool to answer, make a second
call to the real modem pool (this may only work if each modem has a
number as opposed to a single number for the hunt group), or use your
own internet connection to "forward" the telnets.
Sure it's easier to get caught (I don't know of any cases with
modems, but one plumber stole business from another with a variant
of this scheme), but it is easier to do. I suppose with more
knowledge of phone switches & better social engineering you could find
an even "better" way to play man in the middle without having to
demodulate V.34/V.38 modem signals (which is apparently quite hard).
(note: I don't know how easy any of this is, I don't have any personal
experience in wire tapping, or misuse of any flavor of Call Forwarding.
It is merely my intention to point out that your list of attacks was
nowhere close to exhaustive, and it's not a good idea to decide you are
safe unless you have a relatively exhaustive list...)
--
Not speaking for any of my employers