XMPP file transfer

Gabriel Schulhof nix at go-nix.ca
Wed Nov 14 02:39:31 EST 2007


On Wed, 2007-14-11 at 02:20 -0500, Gal Topper wrote:
> Pidgin is able to transfer files at LAN speeds when both sides are on
> the same network because it supports direct file transfers over XMPP
> (jabber).
Just out of curiosity: What if the two sides are not on the same
network, but they are both behind proxies on different networks using
the same address space? In that case, would the originating host's
Pidgin end up attempting to access a host on its own LAN?

This could be a vulnerability: you think you're sending the file to your
friend 2 proxies away, but instead, you're sending the file to some
other guy on your own LAN (who can impersonate your friend because he
can see the whole traffic between you and your proxy and he's fortunate
to have the same IP as your friend has on /her/ LAN).

To illustrate:

FriendIP(not friend):YourProxy:INET:FriendProxy:FriendIP(friend)
YourOwnIP           :YourProxy:INET:FriendProxy:

where FriendIP and YourOwnIP are in the same address space.



Gabriel
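
The address collision described in the message above, as an added example that is not part of the original post or of Pidgin's code: a receiver-side check that classifies a peer-advertised address before a direct connection is attempted. The function names, the `peer_shares_lan` flag and all addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample: the sender's own LAN (YourOwnIP's network in the diagram).
LOCAL_NETWORKS = [ipaddress.ip_network("192.168.1.0/24")]


def classify_candidate(candidate, local_networks, peer_shares_lan):
    """Classify an address a peer advertises for a direct transfer.

    peer_shares_lan is supplied by the caller (an assumption here); it
    cannot be derived from the candidate address itself.
    """
    addr = ipaddress.ip_address(candidate)
    if addr.is_loopback or addr.is_unspecified:
        return "reject"        # would connect back to ourselves
    if not addr.is_private:
        return "routable"      # globally unique address
    on_local_net = any(addr in net for net in local_networks)
    if on_local_net and peer_shares_lan:
        return "same-lan"      # the LAN-speed case from the quoted text
    if on_local_net:
        # The collision from the message: the address exists on our LAN,
        # but the peer who advertised it sits behind a different proxy.
        return "ambiguous"
    return "unreachable"       # private address on some other network


def usable_candidates(candidates, local_networks, peer_shares_lan):
    """Keep only candidates that cannot land on an unintended local host."""
    ok = {"routable", "same-lan"}
    return [c for c in candidates
            if classify_candidate(c, local_networks, peer_shares_lan) in ok]


if __name__ == "__main__":
    offered = ["192.168.1.20", "10.0.0.5", "8.8.8.8"]  # constructed offer
    for c in offered:
        print(c, classify_candidate(c, LOCAL_NETWORKS, peer_shares_lan=False))
```

An address check like this only avoids the ambiguous connection; confirming who is at the other end still requires authenticating the peer end to end rather than trusting the IP address.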



