Re: Unhackable network really unhackable?

From: Crispin Cowan (crispin_at_immunix.com)
Date: 11/28/03

    Date: Fri, 28 Nov 2003 02:10:19 -0800
    To: Julian Wynne <bugjules@anarkey.org>
    
    

    Julian Wynne wrote:

    >Furthermore we would like to point out that InvisiLAN technology has no relation
    >whatsoever with DHCP, for example InvisiLAN changes randomly not just the IP
    >address but also the MAC address and the port numbers.
    >
    The InvisiLAN technique is an instance of what I called "interface
    permutation" in this paper:

        "The Cracker Patch Choice: An Analysis of Post Hoc Security
        Techniques". Crispin Cowan, Heather Hinton, Calton Pu, and Jonathan
        Walpole. Presented at the National Information Systems Security
        Conference (NISSC) <http://csrc.nist.gov/nissc/>, Baltimore MD,
        October 16-19 2000. PDF
        <http://immunix.com/%7Ecrispin/crackerpatch.pdf>.

    The specific approach of IP address hopping was described in this DARPA
    experiment:

        "Dynamic Approaches to Thwart Adversary Intelligence Gathering
        <http://www.iaands.org/discex_II/Briefs/13June/I&E/I&E_4_Kewley_DISCEXII_DYNAT.ppt>",
        Doreen Kewley et al., DARPA Information Survivability Conference &
        Expo (DISCEX II), June 12-14, 2001.

    >We understand that the claim of unhackability is a steep one but I can assure you
    >that anyone who has tested the system in the past has been swept away by the
    >effectiveness and the implications of this new technology.
    >
    In the DARPA experiment anyway, it turned out to be hackable :) More
    precisely, it imposed a delay on the attacker, but did not stop them. A
    notable difference is that the DARPA experiment only changed the IP
    address, and not the MAC address. I'm not convinced that this will make
    a difference, but it could.

    Crispin

    -- 
    Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
    Chief Scientist, Immunix       http://immunix.com
                http://www.immunix.com/shop/
    
