Wireshark-dev: Re: [Wireshark-dev] performing cpu/time intensive computation in a protocol diss
From: Paolo Abeni <paolo.abeni@xxxxxxxx>
Date: Wed, 06 Aug 2008 09:12:14 +0200
hello,

On Tue, 2008-08-05 at 20:28 +0200, Sake Blok wrote:
> Wireshark has a good
> reputation as a network analysis tool. Which of course means it can be
> used for less honest purposes as well, but putting code in to deliberately
> break security based on a weakness in the protocol crosses the line
> for me. 

I would add just a little detail: the issue exploited in the CVE 2008
0166 attack is not related to the SSL protocol, but to some specific
(broken) implementations. 

Moreover the decryption of encrypted sessions is a feature that
wireshark supports since a few time for SSL, IPsec, ecc. and at least
for SSL sessions it works in a very similar fashion to the CVE attack
(in both situations you have to provide wireshark with some additional
knowledge).

Anyway I would be very interested in some feedback on the initial
questions (long computation and/or user interaction in dissector
code)...

cheers,

Paolo

 
 
 --
 Email.it, the professional e-mail, gratis per te: http://www.email.it/f
 
 Sponsor:
 Realizza i tuoi sogni con Carta Eureka. Fido fino a 3.000 euro, rate a partire da 20 euro e canone gratis il 1° anno. Scoprila!
 Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=7877&d=6-8