using Kerberos to detect duplicate packets?

Russ Allbery rra at stanford.edu
Mon Sep 15 16:34:56 EDT 2003


Harza <nuns_island at hotmail.com> writes:

> Can Kerberos be used to detect duplicate packets?

I'm not entirely sure what you're asking.

Are you asking if Kerberos can be used to protect against replay attacks
in network protocols?  If so, the best answer is probably that you're
thinking about things at slightly the wrong level, and while Kerberos does
have some built-in protection against replay attacks, the higher-level
security protocol (GSSAPI, for example) is probably capable of taking care
of that in a more general fashion.

Or are you asking if Kerberos can be used as a tool to detect a particular
networking issue?  If so, the answer is probably not, or at least it
wouldn't be the most natural way of doing so.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


More information about the Kerberos mailing list