Kerberos Man In The Middle Attack: is this feasible?

Marcus Watts mdw at
Mon Oct 13 22:01:23 EDT 2003

cryos98 at (Calimer0) writes:
> From: cryos98 at (Calimer0)
> X-Newsgroups: comp.protocols.kerberos
> Date: 13 Oct 2003 15:52:35 -0700
> Organization:
> Message-ID: <3e217f40.0310131452.5455578c at>
> To: kerberos at MIT.EDU
> Subject: Kerberos Man In The Middle Attack: is this feasible?
> Hi all,
> I'm trying to understand Kerberos strengths and flaws; I would like to
> know your opinion about the feasibility of the attack described below.
> Here it is:
> An attacker puts his machine A between the legitimate client C and an
> application server AS using an ARP spoofing attack, and then
> transparently forwards network traffic between C and AS until C sends
> the KRB_AP_REQ message. Once KRB_AP_REQ is captured, the attacker
> launches a Denial Of Service attack on C, and forwards KRB_AP_REQ to
> AS. Is the attacker able to successfully authenticate to AS?
> As far as I know, the response is yes, but the attacker
> probably must spoof the IP address of C, and his possibilities are limited
> by his missing knowledge of the session keys included in KRB_AP_REQ.
> Is something wrong?
> thanks in advance
> mark
> ________________________________________________
> Kerberos mailing list           Kerberos at

MIT has a bunch of neat basic papers on kerberos.  You should
definitely find and read them.  They explain the basic theory far more
thoroughly and entertainingly than anybody could possibly do here.  You
might also consider getting and reading Schneier's _Applied
Cryptography_; it covers a lot of territory, including a basic
summary of kerberos but also much much more.  After that, you should
read RFC 1510.  After *that*, you are ready to read internet kerberos
drafts and paw through kerberos source.

In partial answer of your question, yes, kerberos is designed to deal
with the case you mention.  More generally, it assumes an adversary who
has the ability to edit every packet on the wire -- and can insert or
delete packets, which may be based on any arbitrary combination of
previous packets he's seen.  Given a strong cryptosystem and good keys,
kerberos should be "safe" against even this -- i.e., while the adversary
can do traffic analysis or denial of service, he can't do more.  There
are weaknesses concerning keys based on passwords and the use of DES.
K5 includes a preauthentication protocol (somewhat misnamed) which can
be used for key negotiation or to strengthen the initial key exchange.
There are plenty of basic ways to misuse and compromise kerberos,
starting with the obvious: ask for a kerberos password using an html

				-Marcus Watts
				UM ITCS Umich Systems Group

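To make the answer concrete, here is an added toy model of the KRB_AP_REQ / KRB_AP_REP exchange the question describes. It is example code written for this page, not MIT Kerberos and not the RFC 1510 wire format: the "encryption" is a stdlib HMAC-SHA256 construction standing in for a Kerberos enctype, the principal name and timestamp are constructed, and the KDC is reduced to a function that seals the session key into a ticket. The scenario plays out the attack from the post: the attacker A captures C's KRB_AP_REQ, knocks C off the network, and forwards the message to the application server AS as if it came from C. AS accepts it (it cannot tell the difference), but A holds no session key, so A can neither read KRB_AP_REP nor produce any message AS checks under that key, and a second use of the same authenticator is stopped by the replay cache.

```python
import hashlib
import hmac
import json
import os

SKEW = 300  # allowed clock skew in seconds (the usual Kerberos default)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy HMAC-SHA256 counter-mode keystream; stands in for a Kerberos enctype."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a JSON object: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    pt = json.dumps(obj, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> dict:
    """Verify the tag, then decrypt. Raises ValueError under the wrong key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("integrity check failed: wrong key or tampered message")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    return json.loads(pt)


def kdc_issue_ticket(service_key: bytes, cname: str, session_key: bytes, now: int) -> bytes:
    """KDC seals the session key into a ticket under the service's long-term key.
    (C learns the same session key from the TGS reply, which is not modelled here.)"""
    return seal(service_key, {"cname": cname, "key": session_key.hex(), "endtime": now + 8 * 3600})


def client_ap_req(ticket: bytes, session_key: bytes, cname: str, now: int) -> dict:
    """KRB_AP_REQ = ticket + authenticator; the authenticator is sealed under the session key."""
    return {"ticket": ticket, "authenticator": seal(session_key, {"cname": cname, "ctime": now, "cusec": 4711})}


class AppServer:
    """Application server AS: holds its long-term key and an authenticator replay cache."""

    def __init__(self, service_key: bytes):
        self.service_key = service_key
        self.replay_cache = set()

    def accept(self, ap_req: dict, now: int) -> tuple:
        tkt = unseal(self.service_key, ap_req["ticket"])
        if now >= tkt["endtime"]:
            raise ValueError("ticket expired")
        skey = bytes.fromhex(tkt["key"])
        # Only a holder of the session key could have produced a valid authenticator.
        auth = unseal(skey, ap_req["authenticator"])
        if auth["cname"] != tkt["cname"]:
            raise ValueError("authenticator name does not match ticket")
        if abs(now - auth["ctime"]) > SKEW:
            raise ValueError("authenticator outside clock skew")
        rid = (auth["cname"], auth["ctime"], auth["cusec"])
        if rid in self.replay_cache:
            raise ValueError("replayed authenticator")
        self.replay_cache.add(rid)
        # KRB_AP_REP: echo the authenticator timestamp under the session key (mutual auth).
        return skey, seal(skey, {"ctime": auth["ctime"], "cusec": auth["cusec"]})


def run_scenario() -> dict:
    """C sends KRB_AP_REQ, A captures it, DoSes C, and forwards the message to AS."""
    now = 1_066_081_283  # constructed timestamp (13 Oct 2003)
    service_key, session_key = os.urandom(32), os.urandom(32)
    ticket = kdc_issue_ticket(service_key, "mark@EXAMPLE.ORG", session_key, now)
    ap_req = client_ap_req(ticket, session_key, "mark@EXAMPLE.ORG", now)  # C's message, seen by A
    server, res = AppServer(service_key), {}

    # 1. A forwards C's KRB_AP_REQ unchanged: AS accepts it exactly as it would from C.
    skey, ap_rep = server.accept(ap_req, now + 2)
    res["forwarded_ap_req_accepted"] = True

    # 2. A has no session key, so it cannot read KRB_AP_REP (here: tries a wrong key) ...
    try:
        unseal(os.urandom(32), ap_rep)
        res["attacker_reads_ap_rep"] = True
    except ValueError:
        res["attacker_reads_ap_rep"] = False
    # ... nor send anything AS verifies under the session key (KRB_SAFE/KRB_PRIV-style data).
    try:
        unseal(skey, seal(os.urandom(32), {"cmd": "rm -rf /"}))
        res["attacker_data_accepted"] = True
    except ValueError:
        res["attacker_data_accepted"] = False

    # 3. Sending the captured KRB_AP_REQ a second time hits the replay cache.
    try:
        server.accept(ap_req, now + 5)
        res["replay_accepted"] = True
    except ValueError:
        res["replay_accepted"] = False

    # 4. The real client, which holds the session key, can verify KRB_AP_REP.
    res["client_verifies_ap_rep"] = unseal(session_key, ap_rep)["ctime"] == now
    return res


if __name__ == "__main__":
    print(run_scenario())
```

The caveat a practitioner wants from this: the forwarded KRB_AP_REQ is only harmless as long as the application actually uses the session key afterwards (mutual authentication via KRB_AP_REP and KRB_SAFE/KRB_PRIV or equivalent integrity protection on the data stream). An application that authenticates once with Kerberos and then talks in the clear over the same TCP connection gives the attacker in the post exactly the hijack he is after, and that is an application weakness rather than a Kerberos one.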