lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3FC71F0B.7020608@immunix.com>
Date: Fri, 28 Nov 2003 02:10:19 -0800
From: Crispin Cowan <crispin@...unix.com>
To: Julian Wynne <bugjules@...rkey.org>
Cc: bugtraq@...urityfocus.com
Subject: Re: Unhackable network really unhackable?


Julian Wynne wrote:

>Furthermore we would like to point out that InvisiLAN technology  has no relation 
>whatsoever with DHCP, for example InvisiLAN changes randomly not just the IP 
>address but also the MAC address and the port numbers.
>
The InvisiLAN technique is an instance of what I called "interface 
permutation" in this paper:

    "The Cracker Patch Choice: An Analysis of Post Hoc Security
    Techniques".  Crispin Cowan, Heather Hinton, Calton Pu, and Jonathan
    Walpole.  Presented at the National Information Systems Security
    Conference (NISSC) <http://csrc.nist.gov/nissc/>, Baltimore MD,
    October 16-19 2000. PDF
    <http://immunix.com/%7Ecrispin/crackerpatch.pdf>.

The specific approach of IP address hopping was described in this DARPA 
experiment:

    "Dynamic Approaches to Thwart Adversary Intelligence Gathering
    <http://www.iaands.org/discex_II/Briefs/13June/I&E/I&E_4_Kewley_DISCEXII_DYNAT.ppt>",
    Doreen Kewley et al, DARPA Information Survivability Conference &
    Expo (DISCEX II), June 12-14, 2001.


>We understand that the claim of unhackability is a steep one but I can assure you 
>that anyone who has tested the system in the past has been swept away by the 
>effectiveness and the implications of this new technology. 
>
In the DARPA experiment anyway, it turned out to be hackable :) More 
precisely, it imposed a delay on the attacker, but did not stop them. A 
notable difference is that the DARPA experiment only changed the IP 
address, and not the MAC address. I'm not convinced that this will make 
a difference, but it could.

Crispin

-- 
Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
Chief Scientist, Immunix       http://immunix.com
            http://www.immunix.com/shop/

Powered by blists - more mailing lists