| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 29 Nov 2003 07:19:10 -0800 From: "Thor" <thor@...merofgod.com> To: "Crispin Cowan" <crispin@...unix.com>, "Julian Wynne" <bugjules@...rkey.org> Cc: <bugtraq@...urityfocus.com> Subject: Re: Unhackable network really unhackable? > >We understand that the claim of unhackability is a steep one but I can assure you > >that anyone who has tested the system in the past has been swept away by the > >effectiveness and the implications of this new technology. > > > In the DARPA experiment anyway, it turned out to be hackable :) More > precisely, it imposed a delay on the attacker, but did not stop them. A > notable difference is that the DARPA experiment only changed the IP > address, and not the MAC address. I'm not convinced that this will make > a difference, but it could. I had actually posted earlier regarding MAC addresses and the ease of adding static entries in the ARP table to hit a host on the local LAN (once in), but it did not seem to make it. It is refreshing to see you (the vendor, not you Crispin) use "the effectiveness and implications" rather than stand by "un-hackable," even though I know it was the OP's statement, and not the vendors. Even if hackable, it looks like a pretty effective layer of security, which may make attackers look for LHF. I have accomplished similar security-in-depth features by requiring IPSec for all IP traffic (certificate based) though that is of course at the network software layer, and some administrative issues are introduced by such a configuration. Interesting stuff, though. T
Powered by blists - more mailing lists