At 10:46 AM 1/9/01 +0100, [email protected] wrote:
>Can somebody come up with some examples of practical, relevant
>applications that will fail under spoofing? Any practical experiences?
yes. Financial applications, wherein the transmission of information
results in money being removed from an account. When your bank tells your
ATM to spit out money, if the communication is spoofed you can lose the
money from your account and not get the bills spit out. More generally,
transactions lost in flight can have other than a shared fate.
But this presupposes transactional completeness maps 1:1 into tcp ack flow.
Surely no application of this nature depends on an underlying protocol to
give closure inside its application-specific logic? Assuming a reliable
bytestream doesn't mean the application says yes or no.
For instance, one can imagine a nightmare world of mainframes where TCP
terminates in a front-end-processor and backend bisync is required to get
to the cash services engine inside some monster iron. You can't use a spoofed
or non-spoofed TCP ack there to get completion on a transaction.
-George
-- George Michaelson | DSTC Pty Ltd Email: [email protected] | University of Qld 4072 Phone: +61 7 3365 4310 | Australia Fax: +61 7 3365 4311 | http://www.dstc.edu.au
This archive was generated by hypermail 2b29 : Tue Jan 09 2001 - 18:26:29 EST