GPG agent for W32
Dirk Meyer
dirk.meyer at dinoex.sub.org
Tue May 15 09:32:01 CEST 2001
Florian Weimer wrote:
> I think this is the strong vs. weak ES model issue mentioned already
> in RFC 1122. Yes, this is a problem.
>
> > If an attacker can sent a router to you, he can send packges with
> > destination "127.0.0.1" to you and connect to your services.
>
> There's no need for a router. The attacker needs access to a sub-IP
> transport layer (for example, Ethernet), in order to be able to inject
> arbitrary IP packets.
I wanted to type "route" not "router"
Just set a static route with destination "127.0.0.1" on any host in
the same subnet, and you are able to inject such packages.
127.0.0.1 ist not secure by default!,
yes the dsicussion of weak/strong Model have beenn taken,
and you can fix this with Package-filtering rules as well.
Gruß Dirk
- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Tel 05606/6512 Q (voice)
- Origin: DINOEX Habichtswald -FRG- [dirk.meyer at dinoex.sub.org]
More information about the Gnupg-devel
mailing list