Dennis L. Mumaugh (att!cuuxb!dlm@ucbvax.Berkeley.EDU)
19 Nov 88 18:58:01 GMT
In article <881109143927.20402284@Csa3.LBL.Gov> forrest@CSA3.LBL.GOV writes:
> I am a complete novice at matters relating to networking and haven't
> read the Telnet RFC so I may be missing something obvious.

No question is unworthy of asking.

> Assume the following network organization:
> A <------------------> M <------------------> Z
> (Node M is actually one or more gateways.) Couldn't a bad guy
> on M monitor the TCP/IP traffic looking for Telnet
> connections and then follow through the exchange of login
> names and passwords, thereby capturing a node/login and
> password pair? (I realize that the path from A to Z is
> dynamic and that this might not always be possible.)

Yes. In fact if one has a LAN sniffer one can read the entire
traffic on the EtherNet Cable. All networking schemes assume
physical security of the communications media.
The DoD people have a solution: encrypt the comm-line. There is
a secure version on the Internet that does just that. Even
better is to use end-to-end encryption for each communications
circuit. The basic problem with all of this is the encryption
overhead and the key and authentication problems.
--
=Dennis L. Mumaugh
Lisle, IL ...!{att,lll-crg}!cuuxb!dlm OR cuuxb!dlm@arpa.att.com
This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:44:54 GMT