Re: one password prompt wanted instead of two

Tom Samplonius (tom@sdf.com)
Mon, 7 Jul 1997 15:15:22 -0700 (PDT)

On Tue, 8 Jul 1997, Igor V. Semenyuk wrote:

> > Also, it is hard to spoof an entire TCP session setup. The spoofer can't
> > see the responses coming back from your server, so he/she needs to guess.
> > I don't see how you get very far into a session before you lose control.
>
> Read Mitnick's case (www.takedown.com).

A book publicity site is not a good source of technical info. I can't
find anything specific about this. Do you have a more specific URL?

Another more important point: does your server use easy-to-guess
sequence numbers? If so, maintaining a spoofed session is much easier.
Check with your UNIX vendor.

> > ssh logins require a lot of CPU power. I don't see it ever happening,
> > except for the PM3 & the unannounced encryption daughter card.
>
> Considering rather rare occasions this authentication is needed
> it should not be a big deal.

It is. Every application may not be rare.

> > Also there are copyright and licensing issues. This could be solved
> > with a PM3 daughter card, by including licensing costs when you buy the
> > hardware.
>
> That's true. Also export/import restrictions, though I'm not sure if they
> are applicable in this case (if there will be no session encryption -
> only authentication).

No session encryption? I would prefer session encryption over
authentication, because you could always authenticate securely over an
encrypted session, and you can run sessions over insecure networks too
(which you can if only the authentication is encrypted).

> --
> Igor V. Semenyuk Internet: iga@sovam.com
> SOVAM Teleport Phone: +7 095 258 4170
> Moscow, Russia Fax: +7 095 258 4133
>
>

Tom
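
An added example, not part of the original message: a minimal check of whether initial sequence numbers (ISNs) collected from your own server follow a simple arithmetic pattern, which is the property the reply above asks about. The function names, the sample values and the spread threshold are assumptions constructed for illustration.

```python
from statistics import pstdev

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around

# Constructed samples (not captured from any real host).
# Fixed step per connection, chosen so the series wraps past 2^32.
CONSTANT_STEP = [(4294900000 + 64000 * i) % MOD for i in range(8)]
# Same idea with a little jitter on each step.
JITTERED_STEP = [1000, 65000, 129512, 193312, 257412, 321712, 385500]
# Values with no simple arithmetic relation to each other.
SCATTERED = [0x1A2B3C4D, 0x9F8E7D6C, 0x03040506, 0xDEADBEEF,
             0x55AA55AA, 0x7FFFFFFF, 0x12345678]


def isn_deltas(isns):
    """Differences between consecutive ISNs, taken modulo 2^32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def assess_isns(isns, min_samples=6):
    """Classify a series of ISNs observed on successive connections.

    Returns:
      'constant'   - every increment is identical
      'low-spread' - increments cluster tightly, so the next value
                     falls in a narrow, guessable window
      'no-pattern' - no simple arithmetic pattern was found (this is
                     not a proof that the generator is random)
    """
    if len(isns) < min_samples:
        raise ValueError("need at least %d samples" % min_samples)
    deltas = isn_deltas(isns)
    if len(set(deltas)) == 1:
        return "constant"
    # Threshold is an assumption: spread below 2^20 out of 2^32.
    if pstdev(deltas) < 2 ** 20:
        return "low-spread"
    return "no-pattern"


if __name__ == "__main__":
    for name, sample in [("constant step", CONSTANT_STEP),
                         ("jittered step", JITTERED_STEP),
                         ("scattered", SCATTERED)]:
        print(name, "->", assess_isns(sample))
```

A 'constant' or 'low-spread' result on a real host is the cue to follow the advice above and ask the vendor about its ISN generation.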