In this chapter we have described sequence numbers between a sender and receiver as a way to protect a communication stream against substitution and replay attacks. Describe a situation in which an attacker can substitute or replay in spite of sequence numbers. For which type of sequence numbering—one general stream of sequence numbers or a separate stream for each pair of communicators—is this attack effective?

What will be an ideal response?

The attacker uses a message from one session, containing sequence number x and attempts to insert/replay it with another session, assuming that sequence number x will be valid in the new session. This kind of attack only works against the separate stream for each pair of communicators, assuming the messages do not contain a session ID.

Computer Science & Information Technology
