Home page logo
/

basics logo Security Basics mailing list archives

Re: Web Traffic Security and Eavesdropping
From: "Shreyas Zare" <shreyas () technitium com>
Date: Tue, 18 Nov 2008 00:08:47 +0530

Hi,

I would just say that a determined person can do anything. The
simplest way can be to get into the same network by getting hold of a
single compromised machine and then just sniff for the data. The BGP
attack is quite possible but in practice how guaranteed the attack is
a question. Still, the point is it can be carried out from any node on
the internet that makes it dangerous.

Regards,

On Sun, Nov 16, 2008 at 4:19 PM, Adam Pal <pal_adam () gmx net> wrote:

Hello Mike,

My feeling is that you are both right, the one who asked you how it is
possible and you.
It is not possible when the attacker is not on the same virtual path
(lets say path instead network) but the attacker has -as the
wired-article describes- the possibility to bring himself on the path
for instance by modifying the route (BGP).

As you see, the answer to your question is no. You cannot pick up any
information from a flow you are not connected to somehow.
The webserver doesnt see all the information, it sees all information
delivered to it once he is a part of the virtual path the information
took.



--
Best regards,
 Adam Pal

--
("Relax, its only ONES and ZEROS !")

Shreyas Zare
Co-Founder, Technitium
eMail: shreyas () technitium com

..::< The Technitium Team >::..
Visit us at www.technitium.com
Contact us at theteam () technitium com

Join Sci-Tech News group and get the latest science & technology news
in your inbox. Visit http://tech.groups.yahoo.com/group/sci-tech-news
to join.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]