[icecast] a new directory service

Ethan Butterfield primus at veris.org
Thu Oct 18 03:44:45 UTC 2001

Hash: SHA1

On Wed, Oct 17, 2001 at 08:57:13PM -0600, Jack Moffitt wrote:

> A man-in-the-middle attack is not easy to pull off.  If you can show me
> why some person would be incented to attack someone like this, then
> maybe there is a case for it.

Two easy motivations. #1 is deliberate sabotage. Let's say my station is 
not doing so well in the listings. I go after those who are doing well, 
and mess with their streamed information. Maybe re-point their URLs to me 
in order to hijack new users. #2 would just be wanton vandalism. If an 
exploit is found, you can be sure the s'kiddies will use it just because 
they're s'kiddies.
> As it stands, if you want to change the data, it's much easier to break
> into the directory server itself than it would be to perform a man in
> the middle attack in my opinion.  Or easier to break into the source
> computer and do it there.

Oh, I concur. Personally, I'd go after whoever is hosting the directory 
server and attempt to social engineer my way into access. But remember, 
that's actual work. My fear is the exploit-s'kiddie problem.

> I see no reason why anyone would go to such great lengths to alter the
> data in question.

I see no reason why anyone would constantly scan huge netblocks of cable 
modem users, looking for the occasional target to haX0r. But that doesn't 
stop the people who do.

And to Allen, yes, I know that it wouldn't stop all MitM attacks. That's 
why I said "nearly eliminate". Hell, I'd rather all traffic be fully 
IPSec'd (ESP + AH) all the time, but that's just not feasible. Frankly, I 
don't know if the data involved is worth the overhead of even an SSL 
connection, much less some full key-exchange method.

In the end, I'm just tossing out some ideas. I'm not the one who's 
actually going to code this, after all. :)

- -- 

 "Nothing's the same anymore."
     - Cmdr. Jeffrey Sinclair, Babylon-5, "Chrysalis"
Comment: For info see http://www.gnupg.org


--- >8 ----
List archives:  http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.

More information about the Icecast mailing list