Protocol Flaws
Internet protocols are
publicly posted for scrutiny by the entire Internet community. Each accepted
protocol is known by its Request for Comment (RFC) number. Many problems with protocols have been identified by
sharp reviewers and corrected before the protocol was established as a
standard.
But protocol definitions are
made and reviewed by fallible humans. Likewise, protocols are implemented by
fallible humans. For example, TCP connections are established through sequence
numbers. The client (initiator) sends a sequence number to open a connection,
the server responds with that number and a sequence number of its own, and the
client responds with the server's sequence number. Suppose (as pointed out by
Morris [MOR85]) someone can guess a
client's next sequence number. That person could impersonate the client in an
interchange. Sequence numbers are incremented regularly, so it can be easy to
predict the next number. (Similar protocol problems are summarized in [BEL89].)
Related Topics
Privacy Policy, Terms and Conditions, DMCA Policy and Compliant
Copyright © 2018-2023 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.