Re: [saag] can an on-path attacker drop traffic?

Alan DeKok, Sun, 04 October 2020 16:46 UTC

> On Oct 4, 2020, at 11:17 AM, Paul Hoffman wrote:
> I like Christian's triage (minus the "men"). The "where are they relative to the path" differentiation is likely to be more understandable to people who are not security geeks than "what they can do with creative use of packets". Using a road analogy: a person running a tollbooth, a person who can watch the cars go by and tell his colleagues when to enter the stream in order to do damage, a person who cannot see the traffic or send in cars but can cause lightning storms and send fake news to the cars on the road.

  My $0.02 is to call this "the council of attackers".  One is a malicious messenger, who rewrites messages he sends.  Another is the oppressive observer, who uses your information against you.  And the third is the chaos creator, who just breaks things so you can't use them.

  Alliteration is cute, and helps with memory.  :)
  Alan DeKok.