Wireshark-dev: Re: [Wireshark-dev] performing cpu/time intensive computation in a protocol diss
hello,
On Tue, 2008-08-05 at 20:28 +0200, Sake Blok wrote:
> Wireshark has a good
> reputation as a network analysis tool. Which of course means it can be
> used for less honest purposes as well, but putting code in to deliberately
> break security based on a weakness in the protocol crosses the line
> for me.
I would add just a little detail: the issue exploited in the CVE 2008
0166 attack is not related to the SSL protocol, but to some specific
(broken) implementations.
Moreover the decryption of encrypted sessions is a feature that
wireshark supports since a few time for SSL, IPsec, ecc. and at least
for SSL sessions it works in a very similar fashion to the CVE attack
(in both situations you have to provide wireshark with some additional
knowledge).
Anyway I would be very interested in some feedback on the initial
questions (long computation and/or user interaction in dissector
code)...
cheers,
Paolo
--
Email.it, the professional e-mail, gratis per te: http://www.email.it/f
Sponsor:
Realizza i tuoi sogni con Carta Eureka. Fido fino a 3.000 euro, rate a partire da 20 euro e canone gratis il 1° anno. Scoprila!
Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=7877&d=6-8