[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <08d101c3b68c$293239e0$1448f044@lappy>
Date: Sat, 29 Nov 2003 07:19:10 -0800
From: "Thor" <thor@...merofgod.com>
To: "Crispin Cowan" <crispin@...unix.com>,
"Julian Wynne" <bugjules@...rkey.org>
Cc: <bugtraq@...urityfocus.com>
Subject: Re: Unhackable network really unhackable?
> >We understand that the claim of unhackability is a steep one but I can
assure you
> >that anyone who has tested the system in the past has been swept away by
the
> >effectiveness and the implications of this new technology.
> >
> In the DARPA experiment anyway, it turned out to be hackable :) More
> precisely, it imposed a delay on the attacker, but did not stop them. A
> notable difference is that the DARPA experiment only changed the IP
> address, and not the MAC address. I'm not convinced that this will make
> a difference, but it could.
I had actually posted earlier regarding MAC addresses and the ease of adding
static entries in the ARP table to hit a host on the local LAN (once in),
but it did not seem to make it.
It is refreshing to see you (the vendor, not you Crispin) use "the
effectiveness and implications" rather than stand by "un-hackable," even
though I know it was the OP's statement, and not the vendors. Even if
hackable, it looks like a pretty effective layer of security, which may make
attackers look for LHF. I have accomplished similar security-in-depth
features by requiring IPSec for all IP traffic (certificate based) though
that is of course at the network software layer, and some administrative
issues are introduced by such a configuration. Interesting stuff, though.
T
Powered by blists - more mailing lists