I'm presenting a talk at BayThreat on December 10/11 in Mountain View, CA. Here's the teaser.
IP Spoofing is a favorite InfoSec Cocktail Party topic. It's a versatile attack against a node in a local network segment, such as coffee-shop public WiFi. Cleartext connections can be hijacked through injected data, and TLS/SSL can be closed through injected control bits (e.g. RST).
I will present a proof-of-concept tool on Linux to provide TCP packet signing between previously unaffiliated nodes. Signed TCP will prevent spoofing by providing cryptographic assurance of the sender.
Designed for incremental adoption and common use, the tool establishes an ephemeral relationship between the nodes during the TCP setup. Authentication per se is not necessary - all that is required to protect the integrity of the session is validation that the remote node doesn't change mid-stream.
Oddly enough, I haven't found anything else that provides this kind of solution. Hopefully the presentation will be high on questions and low on face-palms.
No comments:
Post a Comment