
Reflection attack

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 204.73.77.68 (talk) at 22:20, 8 April 2005. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

A reflection attack is a potential way of attacking a challenge-response authentication system that uses the same protocol in both directions. The attacker initiates two separate connection attempts to the same target and sends back the challenges received on one connection as its responses on the second connection. If the authentication protocol is not carefully designed, the target will accept its own responses as valid, leaving the attacker with one fully authenticated connection (the other one is simply abandoned).

For more details, see Computer Networks, 4th ed., by Andrew S. Tanenbaum, ISBN 0-13-038488-7, pages 787-790.
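The weakness described above can be reproduced in a small in-process model, added here as an illustration and not taken from the article or the cited book. The Server class, the message layout, the direction labels and the sample key are all assumptions made for the example; it compares a responder that uses the same computation in both directions with one that binds the direction into each response.

```python
import hashlib
import hmac
import os

KEY = b"constructed-shared-secret"  # constructed sample key, not a real secret

def mac(key, label, challenge):
    # Response to a challenge: HMAC over an optional direction label + challenge.
    return hmac.new(key, label + challenge, hashlib.sha256).digest()

class Server:
    """Toy responder (hypothetical). With bind_direction=False it computes
    responses the same way in both directions, as in the weak design."""
    def __init__(self, key, bind_direction):
        self.key = key
        self.bind = bind_direction
        self.pending = {}  # session id -> challenge this server issued

    def hello(self, sid, peer_challenge):
        # Answer the peer's challenge and issue our own challenge.
        label = b"server->client" if self.bind else b""
        self.pending[sid] = os.urandom(16)
        return self.pending[sid], mac(self.key, label, peer_challenge)

    def finish(self, sid, response):
        # Verify the peer's answer to the challenge we issued on this session.
        label = b"client->server" if self.bind else b""
        expected = mac(self.key, label, self.pending.pop(sid))
        return hmac.compare_digest(expected, response)

def reflect(server):
    """Peer without the key: feeds the server's own challenge from session 1
    into session 2 and returns whether session 1 ends up authenticated."""
    challenge_1, _ = server.hello(1, os.urandom(16))
    _, answer = server.hello(2, challenge_1)  # server answers its own challenge
    return server.finish(1, answer)           # session 2 is simply abandoned

def honest_client(server, key, bind_direction):
    # A peer that holds the key and follows the protocol.
    label = b"client->server" if bind_direction else b""
    challenge, _ = server.hello(3, os.urandom(16))
    return server.finish(3, mac(key, label, challenge))

if __name__ == "__main__":
    print("symmetric design accepts reflection:", reflect(Server(KEY, False)))
    print("direction-bound design accepts reflection:", reflect(Server(KEY, True)))
```

Binding the direction (or the sender's identity) into the authenticated data means a response produced by the server can never be a valid response to the server, while a legitimate key holder still authenticates.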