From: Stephen Crane <steve.crane@rococosoft.com>
To: Marcel Holtmann <marcel@holtmann.org>
Cc: Bhatt Abhi-ABHATT <ABHISHEK.BHATT@motorola.com>,
BlueZ Mailing List <bluez-devel@lists.sourceforge.net>
Subject: RE: [Bluez-devel] Service level security for RFCOMM
Date: Mon, 01 Nov 2004 12:02:31 +0000 [thread overview]
Message-ID: <1099310550.28599.132.camel@baroque.rococosoft.com> (raw)
In-Reply-To: <1099068050.10164.69.camel@pegasus>
Hi Marcel,
On Fri, 2004-10-29 at 17:40, Marcel Holtmann wrote:
> However this also leads to a security problem, because I can scan the
> RFCOMM ports of a remote device without forcing the security mechanism.
> I only have to do the PN exchange and then disconnect. What should a
> remote device do when a PN CMD comes in for a channel without a service
> behind it?
If the spec says that authentication can only happen on receipt of SABM,
then I guess this leaves it open to port scans.
However, does this really matter? If you want to protect _all_ services,
use security mode 3. If you're in security mode 2, it's most likely that
you can do SDP searches without performing a security procedure and
discover open channels that way.
> Sorry, I don't get the point. Why should a client care about security
> mode 2, when it want to connect to a server in security mode 1. Actually
> the server must know what services to protect and not the client. If you
> have such server running, then this is a wrong designed server from my
> point of view.
Well, for example, a client may wish to authenticate a server before
connecting to it, irrespective of the security the service wants for
itself.
> Regards
>
> Marcel
Steve
--
Stephen Crane, Rococo Software Ltd. http://www.rococosoft.com
steve.crane@rococosoft.com +353-1-6601315 (ext 209)
next prev parent reply other threads:[~2004-11-01 12:02 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-10-29 14:36 [Bluez-devel] Service level security for RFCOMM Bhatt Abhi-ABHATT
2004-10-29 14:47 ` Marcel Holtmann
2004-10-29 15:10 ` Stephen Crane
2004-10-29 16:40 ` Marcel Holtmann
2004-11-01 12:02 ` Stephen Crane [this message]
2004-11-01 12:17 ` Marcel Holtmann
-- strict thread matches above, loose matches on Subject: below --
2004-10-29 20:04 Bhatt Abhi-ABHATT
2004-10-29 20:22 ` Marcel Holtmann
[not found] <5987A7CB1694D811A04D0002B32C289601BF3C03@il93exb05.corp.mot.com>
2004-10-29 19:41 ` Marcel Holtmann
2004-10-29 15:35 Bhatt Abhi-ABHATT
2004-10-29 15:53 ` Stephen Crane
2004-10-29 17:05 ` Marcel Holtmann
2004-10-29 17:02 ` Marcel Holtmann
2004-10-29 4:42 Marcel Holtmann
2004-10-29 4:46 ` James Cameron
2004-10-29 4:55 ` Marcel Holtmann
2004-10-29 9:31 ` Stephen Crane
2004-10-29 10:34 ` Fred Schaettgen
2004-10-29 12:10 ` Marcel Holtmann
2004-10-29 12:02 ` Marcel Holtmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1099310550.28599.132.camel@baroque.rococosoft.com \
--to=steve.crane@rococosoft.com \
--cc=ABHISHEK.BHATT@motorola.com \
--cc=bluez-devel@lists.sourceforge.net \
--cc=marcel@holtmann.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.