lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <3FC71F0B.7020608@immunix.com> Date: Fri, 28 Nov 2003 02:10:19 -0800 From: Crispin Cowan <crispin@...unix.com> To: Julian Wynne <bugjules@...rkey.org> Cc: bugtraq@...urityfocus.com Subject: Re: Unhackable network really unhackable? Julian Wynne wrote: >Furthermore we would like to point out that InvisiLAN technology has no relation >whatsoever with DHCP, for example InvisiLAN changes randomly not just the IP >address but also the MAC address and the port numbers. > The InvisiLAN technique is an instance of what I called "interface permutation" in this paper: "The Cracker Patch Choice: An Analysis of Post Hoc Security Techniques". Crispin Cowan, Heather Hinton, Calton Pu, and Jonathan Walpole. Presented at the National Information Systems Security Conference (NISSC) <http://csrc.nist.gov/nissc/>, Baltimore MD, October 16-19 2000. PDF <http://immunix.com/%7Ecrispin/crackerpatch.pdf>. The specific approach of IP address hopping was described in this DARPA experiment: "Dynamic Approaches to Thwart Adversary Intelligence Gathering <http://www.iaands.org/discex_II/Briefs/13June/I&E/I&E_4_Kewley_DISCEXII_DYNAT.ppt>", Doreen Kewley et al, DARPA Information Survivability Conference & Expo (DISCEX II), June 12-14, 2001. >We understand that the claim of unhackability is a steep one but I can assure you >that anyone who has tested the system in the past has been swept away by the >effectiveness and the implications of this new technology. > In the DARPA experiment anyway, it turned out to be hackable :) More precisely, it imposed a delay on the attacker, but did not stop them. A notable difference is that the DARPA experiment only changed the IP address, and not the MAC address. I'm not convinced that this will make a difference, but it could. Crispin -- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ Chief Scientist, Immunix http://immunix.com http://www.immunix.com/shop/
Powered by blists - more mailing lists