RE: PI/metro/geo [Re: The state of IPv6 multihoming development]

[Peter Tattam <peter@jazz-1.trumpet.com.au>]

On Tue, 5 Nov 2002, Michel Py wrote:

> Peter,
> 
> >> I've seen forged RSTs to take out the BGP session also,
> >> but the earliest attack I saw involved somone stealing
> >> a BGP TCP session and then injecting  false routing
> >> information. Operators who don't have BGP TCP MD5
> >> deployed are at serious operational risk these days.
> 
> > Peter R. Tattam wrote:
> > I thought this was a man-on-the-side attack, not
> > man-in-the-middle
> 
> I am no expert in attack classification, but can you explain why? I have
> done that myself once in the lab, and it was a MITM as far as I am
> concerned: Get in the middle, intercept the traffic from the mark to the
> peer and vice versa, and inject yours instead.
> 
> Michel.

Ok.  I think the classification is bogus.  I only characterize a man in the
middle as being one who can intercept packets going in both directions at the
time of the initial attack. If a man on the side attack results in the traffic
ending up being man in the middle, I don't think that qualifies. 

It helps to be accurate with the terminology - it prevents confusion.

> 
> 
> 

Peter

--
Peter R. Tattam                            peter@trumpet.com
Managing Director,    Trumpet Software International Pty Ltd
Hobart, Australia,  Ph. +61-3-6245-0220,  Fax +61-3-62450210