Sniffing vs Spoofing

Article:
Atom Authentication

Subject: Sniffing vs Spoofing

Date: 2003-12-22 16:22:27

From: Alex Jacobson

If you are concerned about local cinference participants sniffing Bob's password, you might also be concerned that they intercept his packets and just modify the contents of his posts.

The attack looks something like this: Advertise a wireless network with the same name as the conference's wireless net. Get Bob to obtain DHCP from your fake net, but route it to the Internet. Now you can modify the content of Bob's posts.

The value of content-md5 or content-sha should be part of the computed passworddigest.

Previous Message Next Message

Sponsored By:

© 2008, O'Reilly Media, Inc.
(707) 827-7000 / (800) 998-9938
All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners.

About O'Reilly
Privacy Policy
Contacts
Authors
Press Room
Jobs
User Groups
Academic Solutions
Newsletters
Writing for O'Reilly
RSS Feeds

Other O'Reilly Sites
O'Reilly Radar
Ignite
Tools of Change for Publishing
Digital Media
makezine.com
craftzine.com
hackzine.com
perl.com
xml.com

Sponsored Sites
Inside Aperture
Inside iPhone
Inside Lightroom
Inside Port 25
InsideRIA