On 09/06/2021 22:10, Cyborg via Exim-users wrote:
> I'm trying to get more info about that attack vector from the German universities which found it, and will make some tests if possible, so we see what we actually have to defend against.

"The attacks, however, hinge on the prerequisite that the perpetrator can intercept and divert the victim's traffic at the TCP/IP layer."

It's beyond most script-kiddies, at least.

Email has no current standard for using ALPN; do we need one? That is suggested as mitigation for this attack.

Exim does support SNI, which is also suggested (but only used if explicitly configured, at present, unless DANE). We might think about tightening up on the SNI defaults.

I guess using DANE counts as another defense against this attack.

--
Cheers,
  Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

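What "explicitly configured" SNI can look like in an Exim configuration, as an added example that is not part of the original message and not the Exim project's own recommended settings. It assumes a stock `remote_smtp` transport and an `acl_smtp_mail` ACL named `acl_check_mail`; using `$host` as the SNI value and comparing against `$primary_hostname` are assumptions to adapt per site.

```exim
# --- transports section (client side) ---
remote_smtp:
  driver = smtp
  # Weak setting: tls_sni unset (the default), so no server name is sent
  # in the ClientHello unless DANE is in use for the destination.
  # Corrected: send the name of the host being connected to, so a strict
  # server can refuse a handshake that was diverted from another service.
  tls_sni = $host

# --- acl section (server side), assumed wired in with acl_smtp_mail ---
acl_check_mail:
  # Log, without rejecting, any encrypted session whose SNI is absent or
  # names a different host. Review the log before turning this into deny:
  # many legitimate senders still send no SNI at all.
  warn  encrypted   = *
        condition   = ${if !eqi{$tls_in_sni}{$primary_hostname}}
        log_message = TLS SNI "$tls_in_sni" does not match $primary_hostname

  accept
```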