RE: RE: Comments on draft-adrangi-eap-network-discovery-07.txt
From: Glen Zorn (gwz) (gwzcisco.com)
Date: Fri, 11 Feb 2005 23:40:36 -0500 (EST)
Bari, Farooq <> supposedly scribbled:

...

>> 
>>> but it seems that your protocol is giving away (by design) a lot of
>>> information about network topology and even contracts to anybody who
>>> happens along.
>> 
>> [FA] yes, roaming partners of the access network is given away. So,
>> let's identify how MITM
> 
> This isn't a man-in-the-middle attack; I don't have to eavesdrop, I
> just have to ask.
> 
> (FB) so what - should the service providers stop advertising their
> presence...I am not sure what you are suggesting. If service
> providers can not announce their presence for fear of an attack then
> I am not sure how they can serve their customers....should the hot
> spot operator stop announcing its presence as well for fear of an
> attack?
> 
>> can take advantage of the information and attack the network, in
>> addition to what we already mentioned it in the draft.
> 
> Did you mention this in the draft?  I must have missed it.  In any
> case, how many attacks are enabled by having access to a network and
> knowing which network it is?  Suppose that one of the realms being
> advertised is intel.com.  That's wonderful!  I don't have to war-dial
> (or -drive) to find a way into Intel's network, it's right there in
> the comfort of my local Starbucks, advertised for all to see!  Of
> course, I don't have credentials, but a user ID should be easy to
> come by.  Maybe I can't get inside the Intel network easily, but
> let's see, if I fail authentication n times, will the account be
> disabled?  That should provide a little entertainment!  The point is,
> this draft (by design) opens a hole that wasn't there before. How big
> a truck can be driven through it remains to be seen...
> 
> (FB) Again your reasoning is difficult for me to comprehend. All
> cellular providers for example do advertise their presence e.g. via
> broadcasting a PLMN. That is how the subscribers can get to their
> networks. This broadcast is visible to all non subscribers as well.
> Should they stop broadcasting their presence for fear of an attack. I
> can probably write a very long email on it but I wait for your
> response as to why do you expect service providers should stop
> broadcasting their presence ....

Don't wait too long.  I give up.

~gwz

Why is it that most of the world's problems can't be solved by simply
  listening to John Coltrane? -- Henry Gabriel
