Message-ID: <08d101c3b68c$293239e0$1448f044@lappy>
Date: Sat, 29 Nov 2003 07:19:10 -0800
From: "Thor" <thor@...merofgod.com>
To: "Crispin Cowan" <crispin@...unix.com>,
	"Julian Wynne" <bugjules@...rkey.org>
Cc: <bugtraq@...urityfocus.com>
Subject: Re: Unhackable network really unhackable?


> >We understand that the claim of unhackability is a steep one but I can
> >assure you that anyone who has tested the system in the past has been
> >swept away by the effectiveness and the implications of this new
> >technology.
> >
> In the DARPA experiment anyway, it turned out to be hackable :) More
> precisely, it imposed a delay on the attacker, but did not stop them. A
> notable difference is that the DARPA experiment only changed the IP
> address, and not the MAC address. I'm not convinced that this will make
> a difference, but it could.

I had actually posted earlier regarding MAC addresses and the ease of adding
static entries in the ARP table to hit a host on the local LAN (once in),
but it did not seem to make it.

It is refreshing to see you (the vendor, not you Crispin) use "the
effectiveness and implications" rather than stand by "un-hackable," even
though I know it was the OP's statement, and not the vendor's. Even if
hackable, it looks like a pretty effective layer of security, which may make
attackers look for LHF. I have accomplished similar security-in-depth
features by requiring IPSec for all IP traffic (certificate based) though
that is of course at the network software layer, and some administrative
issues are introduced by such a configuration. Interesting stuff, though.

T


