[3690] in cryptography@c2.net mail archive
Re: Is a serial cable as good as thin air?
daemon@ATHENA.MIT.EDU (David R. Conrad)
Thu Dec 3 15:11:40 1998
Date: Thu, 3 Dec 1998 14:24:42 -0500 (EST)
From: "David R. Conrad" <drc@adni.net>
To: cryptography@c2.net
In-Reply-To: <Pine.BSF.4.05.9812012346410.11062-100000@ouch.oof.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The original poster mentioned that the secure host would verify that all
data coming in over the serial connection was in the proper format. Thus
it is being contemplated that an attacker could compromise the outer host
and send arbitrary data to the secure host.
An attacker might not try to send packets of entirely forged data, but
merely, say, add a single byte to each packet transmitted. This would
cause all packets of data to fail the format test, and would constitute
a denial of service attack.
Since I'm sure you'll be logging any invalid packets received (modulo
error detection/correction?) and studying them carefully, there should be
no difficulty detecting such a condition.
David R. Conrad <drc@adni.net>
"On two occasions I have been asked [by members of Parliament!], `Pray,
Mr. Babbage, if you put into the machine wrong figures, will the right
answers come out?' I am not able rightly to apprehend the kind of
confusion of ideas that could provoke such a question." -- Charles Babbage
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv
iQA/AwUBNmbliYPOYu8Zk+GuEQLd4ACeK55J5T8IxAXOECr7YYY6wuEDYzAAnjAw
DI3yAkEM55/Tnym5yeZ4oc0T
=NLum
-----END PGP SIGNATURE-----
