XMPP file transfer
Andreas Monitzer
pidgin at monitzer.com
Wed Nov 14 02:55:16 EST 2007
On Nov 14, 2007, at 08:39, Gabriel Schulhof wrote:
> Just out of curiosity: What if the two sides are not on the same
> network, but they are both behind proxies on different networks using
> the same address space? In that case, would the originating host's
> Pidgin end up attempting to access a host on its own LAN?
>
> This could be a vulnerability: you think you're sending the file to
> your friend 2 proxies away, but instead, you're sending the file to
> some other guy on your own LAN (who can impersonate your friend because
> he can see the whole traffic between you and your proxy and he's
> fortunate to have the same IP as your friend has on /her/ LAN).
If someone is spying on your connection to the server, you have a huge
problem right there, since that person is able to read all of your IM
conversations. That's why TLS (client-to-server encryption) should be
used at all times.
Since the port is random, it shouldn't be that simple to intercept a
file transfer when you don't know the information going over the
control connection.
andy