If we implemented the concepts of forward and backward congestion notification on freeways, nobody would be getting in traffic jams because of following too closely. The ideas behind frame-relay work well on networks and if we had changing speed limits 10 miles before a major accident, it wouldn't be a mess when the cars all got there.
Just think about what that would clear up. You could have hundreds of cars all riding eachothers asses and then you could tell the ones in front to accelerate to 90 mph.
It's just about leaving room in front of yourself. Everybody loses in a traffic jam. For cars entering the road, just leave a few carlengths for them to get in.
Not quite the story..
on
VoIP Wiretapping
·
· Score: 2, Insightful
I disagree.
It's a bit tougher to regulate endpoints when they can be anywhere in the world.
It's a huge problem because assumed solutions like this one would not work well at all. Any amount of encryption would prevent real-time surveillance by a third party. Just think about the amount of computing power that must be used to decrypt voice packets with 128-bit encryption schemes or above. It's ridiculous and not even worth it due to the amount of time it would take.
What really makes this flaw interesting is the fact that the guy who apparently discovered it said he could do it in four tries or so. FOUR??? What kind of session could he possibly be jumping in on, and what was his test setup? I am hesitant to believe this guy had a couple concrete examples of this bug outside of a test environment.
Hold on a second. TCP is not a routing protocol! It is a supplement to routing protocols, such as BGP. I think what you meant was IPv4 and IPv6...right? well those are considerably different than TCP.
IP is layer 3. That is, IP works in concert with TCP, but has nothing to do with sequence numbering and handshaking, which this vulnerability found.
Implementation of IPv6 will do little against a vulnerability in TCP, since IP deals with end-to-end addressing. It's just switch from 32-bit to 128-bit addressing. I can get the IPv6 address, guess the appropriate sequence number, jump into that particular stream, and get connected just as usual.
Trying to carry out this exploit tomorrow in the lab will be tons of fun. Cisco routers running BGP are fun to exploit..
Slashdot Mirror
If we implemented the concepts of forward and backward congestion notification on freeways, nobody would be getting in traffic jams because of following too closely. The ideas behind frame-relay work well on networks and if we had changing speed limits 10 miles before a major accident, it wouldn't be a mess when the cars all got there. Just think about what that would clear up. You could have hundreds of cars all riding eachothers asses and then you could tell the ones in front to accelerate to 90 mph. It's just about leaving room in front of yourself. Everybody loses in a traffic jam. For cars entering the road, just leave a few carlengths for them to get in.
I disagree. It's a bit tougher to regulate endpoints when they can be anywhere in the world. It's a huge problem because assumed solutions like this one would not work well at all. Any amount of encryption would prevent real-time surveillance by a third party. Just think about the amount of computing power that must be used to decrypt voice packets with 128-bit encryption schemes or above. It's ridiculous and not even worth it due to the amount of time it would take.
What really makes this flaw interesting is the fact that the guy who apparently discovered it said he could do it in four tries or so. FOUR??? What kind of session could he possibly be jumping in on, and what was his test setup? I am hesitant to believe this guy had a couple concrete examples of this bug outside of a test environment.
Hold on a second. TCP is not a routing protocol! It is a supplement to routing protocols, such as BGP. I think what you meant was IPv4 and IPv6...right? well those are considerably different than TCP. IP is layer 3. That is, IP works in concert with TCP, but has nothing to do with sequence numbering and handshaking, which this vulnerability found. Implementation of IPv6 will do little against a vulnerability in TCP, since IP deals with end-to-end addressing. It's just switch from 32-bit to 128-bit addressing. I can get the IPv6 address, guess the appropriate sequence number, jump into that particular stream, and get connected just as usual. Trying to carry out this exploit tomorrow in the lab will be tons of fun. Cisco routers running BGP are fun to exploit..