T 4.39 Software design errors
When planning programs and protocols, it is possible to make security-related design errors. In many cases, these errors are entirely understandable from a historical point of view. For example, it can probably be assumed that none of the developers of the protocols designed at the end of the 1960s and still used in the Internet today thought that these protocols would one day form the basis for a global computer network of such great importance for business.
Examples:
- Examples of design errors include the transmission of data in plain text over the Internet, which means that the data (such as passwords) can be read or changed in transit, and the ability to send packets using the Internet address assigned to a different computer. A special case of the latter is referred to as an FTP bounce attack, which exploits the fact that the FTP data transmission protocol allows a connection to be opened to any other computer. In the worst-case scenario, this type of attack may even be able to bypass a firewall that uses dynamic packet filters (see CERT Advisory 97-27). There are certainly other errors in the Internet protocols still to be discovered and published in the future.
- Another example of a design error is referred to as DNS spoofing (see also T 5.78 DNS spoofing). The domain name system is the central information service in the Internet; it allows easily remembered web site names such as www.valuesave.com to be translated to the corresponding Internet address. In DNS spoofing, the attacker attempts to assign the name of a web site to the wrong computer so that users looking for information are redirected to that computer.
- Another example of a design error is allowing users to send large numbers of advertising emails (mail spamming). In this case, the attacker uses someone else's email server as a remailer so that the reactions of the recipients to the spam emails are directed at the wrong party and remain ineffective. The reason such attacks are possible clearly lies in the poor authentication mechanisms currently available in the Internet.
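The FTP bounce problem described above stems from the PORT command letting a client name any address for the data connection. As an added illustration (not part of this catalogue entry or of any particular FTP server), the following check shows the usual server-side mitigation: a PORT request is only honoured if it points back to the host that issued it on the control connection and to an unprivileged port. The function names and the sample addresses are constructed for this example.

```python
import ipaddress


def parse_port_argument(arg: str) -> tuple[str, int]:
    """Parse an FTP PORT argument 'h1,h2,h3,h4,p1,p2' (RFC 959) into (ip, port)."""
    parts = arg.strip().split(",")
    if len(parts) != 6:
        raise ValueError("PORT argument must have six comma-separated fields")
    nums = [int(p) for p in parts]          # int() raises ValueError on non-numeric fields
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("PORT fields must be in the range 0..255")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]          # high byte, low byte
    return host, port


def port_command_allowed(arg: str, control_peer_ip: str) -> tuple[bool, str]:
    """Decide whether an FTP server should honour a PORT command.

    Mitigation for FTP bounce: the data connection may only go back to the
    client that sent the command, and only to a non-privileged port, so the
    server cannot be used as a relay towards third-party hosts or services.
    Returns (allowed, reason).
    """
    try:
        host, port = parse_port_argument(arg)
    except ValueError as exc:
        return False, f"malformed PORT argument: {exc}"
    if ipaddress.ip_address(host) != ipaddress.ip_address(control_peer_ip):
        return False, f"data address {host} differs from control peer {control_peer_ip}"
    if port < 1024:
        return False, f"refusing data connection to privileged port {port}"
    return True, f"data connection to {host}:{port} permitted"


if __name__ == "__main__":
    # Constructed sample requests, all seen from a control connection with peer 192.0.2.10
    peer = "192.0.2.10"
    for request in ("192,0,2,10,4,1",     # same host, port 1025: allowed
                    "198,51,100,7,4,1",   # different host: the bounce case, refused
                    "192,0,2,10,0,25",    # same host but port 25: refused
                    "192,0,2,10,4"):      # malformed: refused
        print(request, "->", port_command_allowed(request, peer))
```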