17 Dec
2003
17 Dec
'03
11:17 p.m.
Kerberos per se isn't sufficient to defend against session hijacking attacks, you know. The situation in question is really insidious and requires packet-by-packet cryptographic authentication.
No, but kerberos or something like it is necessary. And I think I can safely say that anything which really defends against TCP sequence spoofing or hijacking attacks will be more invasive and require more effort than kerberos, not less. Marc