From: Stephen Crane <steve.crane@rococosoft.com>
To: Marcel Holtmann <marcel@holtmann.org>
Cc: Bhatt Abhi-ABHATT <ABHISHEK.BHATT@motorola.com>,
BlueZ Mailing List <bluez-devel@lists.sourceforge.net>
Subject: RE: [Bluez-devel] Service level security for RFCOMM
Date: Mon, 01 Nov 2004 12:02:31 +0000 [thread overview]
Message-ID: <1099310550.28599.132.camel@baroque.rococosoft.com> (raw)
In-Reply-To: <1099068050.10164.69.camel@pegasus>
Hi Marcel,
On Fri, 2004-10-29 at 17:40, Marcel Holtmann wrote:
> However this also leads to a security problem, because I can scan the
> RFCOMM ports of a remote device without forcing the security mechanism.
> I only have to do the PN exchange and then disconnect. What should a
> remote device do when a PN CMD comes in for a channel without a service
> behind it?
If the spec says that authentication can only happen on receipt of SABM,
then I guess this leaves it open to port scans.
However, does this really matter? If you want to protect _all_ services,
use security mode 3. If you're in security mode 2, it's most likely that
you can do SDP searches without performing a security procedure and
discover open channels that way.
> Sorry, I don't get the point. Why should a client care about security
> mode 2, when it want to connect to a server in security mode 1. Actually
> the server must know what services to protect and not the client. If you
> have such server running, then this is a wrong designed server from my
> point of view.
Well, for example, a client may wish to authenticate a server before
connecting to it, irrespective of the security the service wants for
itself.
> Regards
>
> Marcel
Steve
--
Stephen Crane, Rococo Software Ltd. http://www.rococosoft.com
steve.crane@rococosoft.com +353-1-6601315 (ext 209)
next prev parent reply other threads:[~2004-11-01 12:02 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-10-29 14:36 [Bluez-devel] Service level security for RFCOMM Bhatt Abhi-ABHATT
2004-10-29 14:47 ` Marcel Holtmann
2004-10-29 15:10 ` Stephen Crane
2004-10-29 16:40 ` Marcel Holtmann
2004-11-01 12:02 ` Stephen Crane [this message]
2004-11-01 12:17 ` Marcel Holtmann
-- strict thread matches above, loose matches on Subject: below --
2004-10-29 20:04 Bhatt Abhi-ABHATT
2004-10-29 20:22 ` Marcel Holtmann
[not found] <5987A7CB1694D811A04D0002B32C289601BF3C03@il93exb05.corp.mot.com>
2004-10-29 19:41 ` Marcel Holtmann
2004-10-29 15:35 Bhatt Abhi-ABHATT
2004-10-29 15:53 ` Stephen Crane
2004-10-29 17:05 ` Marcel Holtmann
2004-10-29 17:02 ` Marcel Holtmann
2004-10-29 4:42 Marcel Holtmann
2004-10-29 4:46 ` James Cameron
2004-10-29 4:55 ` Marcel Holtmann
2004-10-29 9:31 ` Stephen Crane
2004-10-29 10:34 ` Fred Schaettgen
2004-10-29 12:10 ` Marcel Holtmann
2004-10-29 12:02 ` Marcel Holtmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1099310550.28599.132.camel@baroque.rococosoft.com \
--to=steve.crane@rococosoft.com \
--cc=ABHISHEK.BHATT@motorola.com \
--cc=bluez-devel@lists.sourceforge.net \
--cc=marcel@holtmann.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox