Afterthought:
-
This is NOT a secure solution, although Mallory is not currently equipped to handle response from Charlie, it certainly can be adapted to do so (eg. filter incoming traffic, script injection).
-
I am almost certain Bob cannot trick Charlie into establishing a HTTPS connection with Alice, but I could be wrong, as one of the pre-condition for securing connection is for Alice to NOT give the key to a third-party, which we will in this case.
-
As a temp solution this should work seamlessly with West Chamber (which filters fake responses so Alice can maintain the connection), the difference between server Bob and Web Proxy/VPN/SSH tunnel/whatnot is that data from Charlie goes directly to Alice, so Bob’s bandwidth/CPU cost can be kept to minimal.
-
As mentioned in the diagram, each Bob should only handle a limited amount of users, otherwise it will be flagged as DoS. On the plus side, since no service other than authentication or request forging is offered by Bob, it has limited exposure, making it harder to identify.
-
If you think about it, this is effectively “a MITM solution to a MITM attack” :-) Just to keep the cat-n-mouse game exciting.
UPDATE: anchors added to image.
UPDATE2: what Mallory does is “ICMP DoS attack” (not to be confused with “ICMP flood”), once West Chamber can handle forged CM(control message), this MITM plan will be achievable.
我承认我在完全没有看完帖子只是瞄了一眼的情况下就无下限地推断这个是店长的崔莺莺萌化计划分析计划书了…
死磕完了前两段才看到LS的留言,豁然开朗中内牛满面了
其实我是看到作者名字才点进来的~
张生真是个好人,连店长都写文了。