Re: Socket security

From: Volker Birk (bumens_at_dingens.org)
Date: 11/22/03

• Next message: GeorgeatNordland: "execve call inspection with stdout/stderr logging"
• Previous message: Casper H.S. ***: "Re: Hardening a Solaris system."
• In reply to: -: "Socket security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 22 Nov 2003 14:55:29 +0100

In comp.security.unix - <cbdeja@my-deja.com> wrote:
> It is possible for an unrelated program (not running on the client
> machine) to send garbage to the client program via its client socket,

Yes. Socket-Hijacking is possible, i.e. search for "telnet hijacking"
with a search enginge of your choice.

> or is the connection completely private between the client and server
> program?

No. Only, if you're using a good implementation of hard crypto, i.e. an
SSL tunnel.

VB.

-- 
X-Pie Software GmbH
Postfach 1540, 88334 Bad Waldsee
Phone +49-7524-996806 Fax +49-7524-996807
mailto:vb@x-pie.de  http://www.x-pie.de

• Next message: GeorgeatNordland: "execve call inspection with stdout/stderr logging"
• Previous message: Casper H.S. ***: "Re: Hardening a Solaris system."
• In reply to: -: "Socket security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint