John Deters wrote:
At 12:44 PM 10/7/97 -0700, Eric Blossom you wrote:
I wrote:
Therefore, man-in-the-middle can be more precisely described as an unauthenticated end-point problem. Therefore, without authentication, there is no defense (yet) against MITM attacks.
I concur from the theoretical point of view.
It would be easy enough to "trick" the MITM into exposing their existence anyway, just by using digits that come up in conversation.
A sudden dropout of sound (or "accidental" loss of connection) while the MITM recognizes the trap and tries to backpedal will be instantly noticed. Human protocols are resilient, whereas mathematical protocols are precise.
Speaking from a practical standpoint, since I have been the target of a variety of electronic surveillance for over a quarter of a century, the Man-in-the-Middle rarely operates so well that there are not a number of small anomalies that one cannot spot in the quality and/or flow of the service they are receiving. On the other hand, they rarely screw up so badly as to make it glaringly obvious what they are doing.

The main thing, when one has reason to believe that quality or technical problems may be the result of MITM, is to take subtle actions such as the one suggested above, in order to force the MITM to adjust on-the-fly to situations that you create in order to monitor the monitor, e.g.:

- "Call me in 5 minutes at 555-PAY-PHONE for the secret code." If you already have a shill using that pay phone to monitor sudden anomalies in the function, fine, but it is usually sufficient to take a call at the phone in five minutes, and the results of a quick patch will be noticeable.
- "Do you have a radio playing, or something?" Hi-tech MITMs use a white-noise system designed to provide a cover for noise from their equipment, and a statement such as the above will invariably cause them to adjust it, usually resulting in a greater clarity or greater fuzziness on the line.

Similar analysis of one's email, particularly if you have several recipients who can send you full feedback on timing/routing, etc., can reveal consistent differences between letters to your mom, and your death threats against the King (as well as letters to your mom which contain death threats against the King).

Bottom line: If you are sending something worthy of being monitored, then your actions and methodologies should reflect the belief that you *are* being monitored.

Please destroy your hard drive after reading this post.

TruthMonger