Re: Possible New Security Tool For FreeBSD, Need Your Help.
From: Rob Simmons (rsimmons@wlcg.com)
Date: 08/31/01
Date: Fri, 31 Aug 2001 17:51:43 -0400 (EDT)
From: Rob Simmons <rsimmons@wlcg.com>
To: Eric Anderson <anderson@centtech.com>
Why not require the incoming packets to be spoofed from a preordained set
of IP addresses to obfuscate it even more?
Robert Simmons
Systems Administrator
http://www.wlcg.com/
On Fri, 31 Aug 2001, Eric Anderson wrote:
> I guess what I meant by tight was that you would only allow packets from
> known trusted IPs (like the ones you would be coming from) and deny
> all to everyone else. Of course someone could spoof your ip, but they
> would have a hard time finding out that ip. The comment on sniffing was
> to cover the bases, not to say it happens all the time, but you can't
> rule things out on the basis that "99.9% of all hackers".. that's a bad
> mentality to have when dealing with security issues I think.. It's a
> good idea, I'm just asking what benefit it gives you over a strict
> ipfilter list?
>
> Also, would you have a "client" tool to use to do this? If it was
> software that did it, wouldn't it be better to do a LOT of ports, in a
> certain order, etc? Like 100-200? 5 is way too few to make it
> unhackable. By the way, guessing key sequences isn't hard, it's simple,
> it just takes time, and that's something that computers have a lot of.
> Yes, it would take a long time, but it could do it.. I'm just saying it
> could be a false security.
>
> Why not do something that's based on time? Like, sshd (or anything you
> want) will be at port X at time Y depending on Z (where Z is a 'salt'
> kind of thing you define). So, using an algorithm with X, Y, and Z, and
> the time, your server and client use the same calculations to find what
> X will be at a given Y. You would just need your clocks synced. This
> isn't perfect either, just more stuff to throw in to the mess. :)
>
> Eric
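
The time-based port idea in the quoted message (port X at time Y depending on a salt Z, with synced clocks), as an added example that is not part of the original thread. It assumes HMAC-SHA256 as the shared calculation, a 5-minute time window and a 20000-60000 port range; the function names and these constants are hypothetical.

```python
import hashlib
import hmac
import struct

# Assumed parameters, not taken from the thread.
PORT_MIN, PORT_MAX = 20000, 60000   # keep clear of well-known service ports
WINDOW = 300                        # seconds each port stays valid ("Y")


def port_for(secret: bytes, unix_time: int, window: int = WINDOW) -> int:
    """Port X for the time window containing unix_time, keyed by the salt Z."""
    counter = unix_time // window   # both sides quantize their clock the same way
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    # 64 bits of the MAC reduced into the port range; the modulo bias is negligible.
    value = int.from_bytes(digest[:8], "big")
    return PORT_MIN + value % (PORT_MAX - PORT_MIN + 1)


def acceptable_ports(secret: bytes, unix_time: int,
                     window: int = WINDOW, skew_windows: int = 1) -> set:
    """Ports the server honours now, allowing the client clock to be off by
    up to skew_windows windows in either direction."""
    return {
        port_for(secret, unix_time + k * window, window)
        for k in range(-skew_windows, skew_windows + 1)
    }


if __name__ == "__main__":
    secret = b"constructed-demo-salt"    # constructed sample value
    server_now = 999_999_900             # constructed timestamp, start of a window
    client_now = server_now - 10         # client clock 10 s behind, previous window
    print("server port now :", port_for(secret, server_now))
    print("client computes :", port_for(secret, client_now))
    print("accepted        :",
          port_for(secret, client_now) in acceptable_ports(secret, server_now))
```

The port sequence is only as secret as Z, and anyone who can observe the traffic sees the current port, so this adds obscurity on top of, not in place of, the service's own authentication and a strict filter list.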