Two Dumb Questions

John-Mark Gurney jmg at
Tue Sep 27 01:01:15 UTC 2016

Ronald F. Guilmette wrote this message on Sun, Sep 25, 2016 at 23:42 -0700:
> Here's my point:  If you really have already managed to become
> the man-in-the-middle anyway, then couldn't you just dummy up
> any and all responses, including those for DNS, in such a way
> as to make it all appear to the victim that everything was
> "normal", you know, such that he can see the cute little
> padlock symbol to the left of the URL in the browser?

As for DNS, that is the reason DNSSEC has been deployed.  To ensure
that the response is correct.  Though if the attacker completely
controls your inet connection, they don't even need to do this, as
they can just pretend to be any IP they want to be.

Cryptography allows you to verify the identity of another party and
ensuring it is not tampered with using PKI[1].

There are other forums that are better to ask how this is possible.


  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."

More information about the freebsd-security mailing list