At 10:46 AM 1/9/01 +0100, [email protected] wrote:
>Can somebody come up with some examples of practical, relevant
>applications that will fail under spoofing? Any practical experiences?
Fred Baker:
yes. Financial applications, wherein the transmission of information
results in money being removed from an account. When your bank tells your
ATM to spit out money, if the communication is spoofed you can lose the
money from your account and not get the bills spit out. More generally,
transactions lost in flight can have other than a shared fate.
I do hope that no transaction-based application relies on TCP acks to
verify that the receiving application has indeed got the data. Or, for
that matter, no application at all. Am I missing anything?
-- Francesco Potort� (researcher) Voice: +39 050 315 3058 (op.2111) Area della ricerca CNR - CNUCE Fax: +39 050 3138091 via Alfieri 1, I-56010 Ghezzano, Pisa Email: [email protected] Web: http://fly.cnuce.cnr.it/ Key: fly.cnuce.cnr.it/public.key
This archive was generated by hypermail 2b29 : Wed Jan 10 2001 - 10:56:55 EST