Autor: Jeremy Harris Data: Para: exim-users Assunto: Re: [exim] Exim (aoom) named in context of new TLS cross-protocol
attack
On 09/06/2021 22:10, Cyborg via Exim-users wrote: > I'm trying to get more infos about that attack vector from the german universities which found it, and will make some tests if possible, so we see what we actually have to defend against.
"The attacks, however, hinge on the prerequisite that the perpetrator can intercept
and divert the victim's traffic at the TCP/IP layer."
It's beyond most script-kiddies, at least.
Email has no current standard for using ALPN; do we need one?
That is suggested as mitigation for this attack.
Exim does support SNI, which is also suggested (but only
used if explicitly configured, at present, unless DANE).
We might think about tightening up on the SNI defaults.
I guess using DANE counts as another defense against this attack.
--
Cheers,
Jeremy