Edward Maillet <maillet @ doc . cs . usm . maine . edu> wrote:
>
> Wouldn't it be more accurate to say that Man in the Middle attacks are really
> Man at the End attacks?
[snip]
> TCP connections flying over Internet today from say A.com to B.com aren't
> likely to be crossing over a network controlled by evil.com. What is the
> REAL potential of someone being able to nail an A.com to B.com connection
> without being inside A.com or B.com? Most companies connect to the 'net
> using a commercial Internet provider. Let's say MCI. I know for a fact MCI
> routes data internally along its DS3 backbone as much as it can so if
> you and I both use MCI we never leave MCI land. What is the real potential
> of someone tapping, hacking or sniffing one of MCI's links? Sure the
> possibility exists but so does the possibility I put a bomb in your car
> while you were reading this.

There is a long history of folks penetrating the public switched phone network
for either recreation or profit. The example that I think is funniest was
when (on June 13, 1989) callers to the Palm Beach (Florida) Probation office
found themselves connected to a phone sex number in New York. I'm sure that
The Authorities at the telephone company do not share my amusement.

As you point out, so what? Well, there are two forces driving the phone
companies towards a much more open architecture for data networks. The first
is the realization that they are losing out on an enormous opportunity to
sell data service (to PSI, UUnet, and company, but also to Wiltel and others).
Much of this is because their service offerings are much less flexible than
that of their competition's. There is a feeling at many of the phone companies
that new technologies would allow customers to connect in and provision a
higher quality (and more expensive) service, as needed, and this would be a
major competitive edge that the phone companies could use to get in the game.

The second is the "Equal Access" laws. Basically these are a holdover from
the days when The Powers That Be in Washington decreed that my mom and dad
(in Orono, Maine) should get the same service as I get here in the Washington
DC area, although it costs much less for a phone company to provide it to
me. As it turns out, many of the technologies that would allow customers to
provision their own service also help out here.

Never mind when the NSFnet routing nodes were subverted (January 1994?), and
sniffer programs installed.
[snip]
> As a side thought, anyone got any numbers of how many hacks come from inside
> versus outside?

Haven't seen any numbers, but (as the police say) the insiders have the
opportunity, motive, and means. They also know where the Good Stuff is. This
is an extremely ugly topic, but there it is. I'd be *very* surprised if there
were more than 25% external jobs, but that's a guess. (and you thought that
YOU were flame bait, Ed!)
--
- Ted
--------------------------------------------------------------------------
Ted Doty, Network Systems Corporation | phone: +1 301 596-2270
8965 Guilford Road, Suite 250 | fax: +1 410 381-3320
Columbia, MD, 21046 USA | voice mail: (800) 233-1485
--------------------------------------------------------------------------
The opinion expressed in this message is fictitious. Any resemblance to
real opinions, living or dead, is purely coincidental.