From: brianm@cs.bu.edu (Brian Mancuso)
To: cypherpunks@toad.com
Message Hash: 612b133b9f460f8cb4049dd706e64ffe71b44d522c20ee15e9d51695d71918f3
Message ID: <199510011708.NAA29261@csa.bu.edu>
Reply To: N/A
UTC Datetime: 1995-10-01 17:09:39 UTC
Raw Date: Sun, 1 Oct 95 10:09:39 PDT
Subject: WWW Proxy Server Vulnerabilities
MIME-Version: 1.0
Content-Type: text/plain
Regarding WWW SSL middle-man attacks,
John L. Bass writes:
: Ok, several people have asked:
:
:   client -> filter   Client sends packet with K(c)
:   filter -> Server   filter forwards packet with K(f)
:   filter <- Server   Server sends encrypted with K(f)
:   client <- filter   filter re-encrypts with K(c)
:
: hacking a DNS server is one way, spoofing a DNS reply to named is easier,
: simply packaging the filter into a router/bridge close to the server
: is more effective ... even if hacking the incoming phoneline/T1 line
: to the server and inserting a very transparent bridge AKA a phone tap.
:
Consider the following attack: Many organizations, especially ones with low
bandwidth localnet-to-internet connections and those with firewalls, have
implemented `proxy-servers' to retrieve documents from the outside world
and cache them for fast future localnet access. ALL WEB TRAFFIC FROM THE
LOCALNET TO THE INTERNET GOES THROUGH THESE PROXY SERVERS, transparently
to the client and web servers after the client has been configured to do
so.
If one of these servers were to be compromised, an attacker could easily
implement the middle-man scheme described above. Note that proxy
servers are fairly common (especially since firewalls require them),
so the apparatus already exists for the middle-man attack outside of
modifying DNS servers and routers.
The irony of the situation is that it is the most secure organizations
who have implemented firewalls that are the most vulnerable to the
middle-man attack.
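As an added example (not part of this post, and not code from any project mentioned in it), a present-day client-side check for the proxy case: open a CONNECT tunnel through the proxy, take the leaf certificate the client actually receives at the far end of that tunnel, and compare its fingerprint against a pinned one. A filter that re-encrypts with its own K(f) cannot present the server's pinned K(s), so a mismatch is the signal. The proxy address, target host and pinned fingerprint are assumed inputs; the DER bytes in the test are constructed, not a real certificate.

```python
"""Detect a re-encrypting proxy ("filter") by comparing the certificate that
reaches the client with a pinned fingerprint for the real server."""
import hashlib
import socket
import ssl


def parse_connect_reply(reply: bytes) -> bool:
    """True if the proxy accepted the CONNECT request (2xx status line)."""
    status_line = reply.split(b"\r\n", 1)[0]
    parts = status_line.split()
    return len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1].startswith(b"2")


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, colon separated as browsers show it."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def verdict(seen_fingerprint: str, pinned_fingerprint: str) -> str:
    """Compare the key the client saw (K(f) or K(s)) with the pinned server key K(s)."""
    if seen_fingerprint.upper() == pinned_fingerprint.upper():
        return "ok: certificate presented to the client is the pinned server certificate"
    return "ALERT: certificate differs from the pin; a middle-man key may be in the path"


def fetch_cert_via_proxy(proxy_host, proxy_port, target_host, target_port=443, timeout=10):
    """Tunnel to target_host through an explicit HTTP proxy and return the DER leaf
    certificate the client receives. Chain verification is disabled on purpose so the
    function reports what is on the wire instead of aborting; the pin comparison in
    verdict() is the actual check. (Assumed inputs: proxy and target addresses.)"""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as raw:
        request = f"CONNECT {target_host}:{target_port} HTTP/1.1\r\nHost: {target_host}:{target_port}\r\n\r\n"
        raw.sendall(request.encode("ascii"))
        reply = b""
        while b"\r\n\r\n" not in reply:
            chunk = raw.recv(4096)
            if not chunk:
                raise ConnectionError("proxy closed the connection during CONNECT")
            reply += chunk
        if not parse_connect_reply(reply):
            status_line = reply.split(b"\r\n", 1)[0]
            raise ConnectionError(f"proxy refused CONNECT: {status_line!r}")
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        with ctx.wrap_socket(raw, server_hostname=target_host) as tls:
            return tls.getpeercert(binary_form=True)
```

Run the same comparison against a certificate fetched without the proxy (or against a pin recorded out of band) to tell a compromised proxy from a legitimately rotated server key.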
Brian Mancuso
Boston University Computer Science Dept. PGP DF FA C0 EF 51 B0 23 54
Tel: 617.352.6552 Net: brianm@cs.bu.edu KFP 5C 8D E0 50 C6 39 C6 0F