Message-ID: <006a01c37fa3$ea8e0a80$976da8c0@ICE>
From: matt.barrie at sensorynetworks.com (Matt Barrie)
Subject: idea

I read a magazine article many months ago about a company producing 
'security products' based upon this sort of protocol. If I remember
correctly, the chief scientist was Russian and they had/were seeking
intellectual property protection on the concept. Regardless, I don't 
see what this mess gains you.



-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of D B
Sent: Saturday, September 20, 2003 10:20 AM
To: biondi@...tel-securite.fr
Cc: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] idea

excuse the top post ...yahoo isnt very friendly

ok ill try to answer this..... 

i am by no means a guru of ip protocols but have
argued this with a few people and decided it will work

chunk of data ..... encrypted ..... sliced into random
chunks ....sent to random  ports in a random order
...add some noise generated to simulate data transfer
that is actually transferred but dropped to /dev/null
( that was added after a discussion )

 with the initial connection being ssl the two clients
agree on ports and the order of real data to be sent
that is then followed with a possibility of someone
sniffing ...IF they break the ssl they then have to
reassemble the data in the proper sequence dismissing
all the random noise

what the port hopping tries to achieve is making it
even more difficult to sniff because one cant just
sniff a certain port.... with a random range u have to
suck in garbage data and this increases the time it
takes to reassemble if it is even possible

that is the base idea ...but i feel that by rolling
the ports we would achieve something similar to the
freq hopping and yes it does create complexity ...but
then isnt all security just a level of complexity
added to something simple ?



if it doesnt work at least i learn to code C++ by
trying to make it 

D B 

"my tore up"



-----------------------------------

Message: 3
Date: Sat, 20 Sep 2003 16:31:05 +0200 (CEST)
From: Philippe Biondi <biondi@...tel-securite.fr>
To: Steven Fruchter <steven_fruchter@...mail.com>
Cc: "'John Sage'" <jsage@...chhaven.com>, 
<full-disclosure@...ts.netsys.com>
Subject: RE: [Full-Disclosure] idea


What is the added security value of this ??
Sounds more like "security through complexity" to me.
An IP flow does not have the properties that make FHSS have an added
value to communications over radio frequencies.


On Fri, 19 Sep 2003, Steven Fruchter wrote:

> That sounds good and is very very similar to FHSS (Frequency Hopping
> Spread Spectrum) for wireless communication technologies.
>
> -Steven Fruchter
>
> > -----Original Message-----
> > From: full-disclosure-admin@...ts.netsys.com
> > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of John Sage
> > Sent: Friday, September 19, 2003 10:27 PM
> > To: full-disclosure@...ts.netsys.com
> > Subject: Re: [Full-Disclosure] idea
> >
> >
> > Too late!
> >
> > On Fri, Sep 19, 2003 at 02:39:07PM -0700, D B wrote:
> > > correct ....
> > >
> > > with an encryption layer that obscures the data so the
> > > next "freq" isnt tattletaled thus making it hard to
> > > know which packets are part of the actual data and
> > > which are controlling before it hops
> > >
> > > and just for the record .... if this idea is original
> > > it will be opensource licensed
> > >
> > > i will now move this topic off this list
> > >
> > > thank u all
> > >
> > > D B
> > >
> > > "my tore up"
> >
> > Thanks indeed for posting your interesting ideas, but I've
> > just now beaten you to it, and if you *do* write such a
> > program, my army of underworked, avaricious lawyers will sue
> > the cr*p out of you, and you'll be working for me for the
> > rest of your life.
> >
> > Not a happy prospect, I can assure you.
> >
> > But all the same, thanks again...
> >
> >
> > - John
> > --
> > "Warning: time of day goes back, taking countermeasures."
> > John Sage
> > InfoSec Groupie
> > -
> > ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus-
> > -
> > ATTENTION: this message is privileged communication. If you
> > read it even though you aren't supposed to, you're a poopy-head.
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
>

-- 
Philippe Biondi <biondi@ cartel-securite.fr> Cartel Sécurité
Security Consultant/R&D                      http://www.cartel-securite.fr
PGP KeyID:3D9A43E2  FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2
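
A small model of the scheme discussed in this thread, added here as an example; it is not code from any poster. It slices already-encrypted data into random chunks, mixes in noise, shuffles the send order and picks a random port per packet, then compares an observer watching one port with one capturing all traffic between the two hosts. The function names, the port range, the 1-8 byte chunk size and the byte string standing in for ciphertext are assumptions.

```python
import random

def send(ciphertext, ports, noise_ratio, rng):
    """Sender: slice ciphertext, add noise, shuffle, pick a random port per packet."""
    chunks, i = [], 0
    while i < len(ciphertext):
        n = rng.randint(1, 8)                      # random chunk size (assumed 1-8 bytes)
        chunks.append(ciphertext[i:i + n])
        i += n
    tagged = list(enumerate(chunks))               # (data position, payload)
    for _ in range(int(len(chunks) * noise_ratio)):
        junk = bytes(rng.getrandbits(8) for _ in range(rng.randint(1, 8)))
        tagged.append((None, junk))                # noise carries no data position
    rng.shuffle(tagged)                            # random send order
    wire = [(rng.choice(ports), payload) for _, payload in tagged]
    where = {pos: idx for idx, (pos, _) in enumerate(tagged) if pos is not None}
    schedule = [where[k] for k in range(len(chunks))]  # secret agreed over the SSL setup
    return wire, schedule

def port_filter(wire, port):
    """Observer capturing a single destination port."""
    return {i: payload for i, (p, payload) in enumerate(wire) if p == port}

def host_tap(wire):
    """Observer capturing everything between the two hosts, whatever the port."""
    return {i: payload for i, (_, payload) in enumerate(wire)}

def coverage(capture, schedule):
    """Fraction of the real chunks present in a capture."""
    return sum(i in capture for i in schedule) / len(schedule)

def reassemble(capture, schedule):
    """With the schedule, reassembly is one lookup per chunk; noise is simply skipped."""
    if any(i not in capture for i in schedule):
        return None
    return b"".join(capture[i] for i in schedule)

def demo(seed=2003):
    rng = random.Random(seed)
    ciphertext = bytes(range(200))                 # constructed stand-in for encrypted data
    ports = list(range(20000, 20064))              # assumed hop range
    wire, schedule = send(ciphertext, ports, noise_ratio=3.0, rng=rng)
    one_port, tap = port_filter(wire, ports[0]), host_tap(wire)
    return (coverage(one_port, schedule), coverage(tap, schedule),
            reassemble(tap, schedule) == ciphertext, reassemble(one_port, schedule))

if __name__ == "__main__":
    print(demo())
```

In this model the host-level capture always holds every real chunk, so the only things the observer lacks are the schedule and the cipher key, both of which depend on the SSL exchange.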



