| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: frank at knobbe.us (Frank Knobbe) Subject: defense against session hijacking On Mon, 2003-11-17 at 16:44, Damian Gerow wrote: > Thus spake David Maynor (dave@...yspray.com) [17/11/03 17:30]: > > This would break things like NATed machines and such. > > Could you explain how, please? I think David was hinting at pooled NAT address. Image an internal network that gets NATed to addresses a.b.c.d.5 until a.b.c.d.12. Kinda like Gary's "ganged" proxies. The debates over using IP addresses, ports, TTLs and other connection based elements do come up from time to time. However, you are trying to authenticate/verify the user on the other end, not networking equipment in between. Logically you should check user elements (such as browser ID perhaps). Or wrap it in SSL, use hard to guess/brute session ID's and hope for the best.... like the rest if us :) Regards, Frank -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031117/f5cdda83/attachment.bin
Powered by blists - more mailing lists