| Re: Ordered delivery of EAP messages | <– Date –> <– Thread –> |
From: Bernard Aboba (bernard_aboba hotmail.com)
|
|
| Date: Tue, 6 Mar 2007 20:42:47 -0800 (PST) | |
Avi Lior said:
"If an EAP method designer designed their method assuming the in order delivery of packets then this would be a bad thing I think.
A hacker could then exploit this assumption by re-order the packets. Surely EAP methods are not susceptible to this type of attack. Right?"
Certainly, it is a good thing for an EAP method to protect itself against replay. Using the mechanism provided in RFC 3579, an EAP method could discard replayed packets and ask the NAS to send another one.
On the other hand, there are EAP methods that are not protected against replay (e.g. Identity, Notification, etc.). There are also situations in which EAP packets can be fragmented, and if reassembled in the wrong order, this could cause failure of the MIC which can be a terminal error (e.g. in TLS-based methods).
So overall, I don't think that the majority of EAP methods deployed today are capable of handling arbitrary reordering.
- Re: Ordered delivery of EAP messages, (continued)
- Re: Ordered delivery of EAP messages Alper Yegin, March 7 2007
- Re: Ordered delivery of EAP messages Glen Zorn (gwz), March 6 2007
- Re: Ordered delivery of EAP messages Avi Lior, March 6 2007
- Re: Ordered delivery of EAP messages Avi Lior, March 6 2007
- Re: Ordered delivery of EAP messages Bernard Aboba, March 6 2007
- Re: Ordered delivery of EAP messages Avi Lior, March 7 2007
- Re: Ordered delivery of EAP messages Yoshihiro Ohba, March 7 2007
- Re: Ordered delivery of EAP messages Avi Lior, March 7 2007
- Re: Ordered delivery of EAP messages Yoshihiro Ohba, March 7 2007
Results generated by Tiger Technologies using MHonArc.