Re: Unhackable network really unhackable?

From: Kurt Seifried (bt_at_seifried.org)
Date: 11/29/03

    To: "Crispin Cowan" <crispin@immunix.com>, "Julian Wynne" <bugjules@anarkey.org>
    Date: Fri, 28 Nov 2003 16:22:40 -0700
    
    

    >Furthermore we would like to point out that InvisiLAN technology has no
    >relation whatsoever with DHCP, for example InvisiLAN changes randomly not
    >just the IP address but also the MAC address and the port numbers.

    I don't see how MAC address changes would help for several reasons:

    1) across the internet, let's face it, no one cares what your MAC address
    is.
    2) on local networks I can watch arp traffic
    3) you can no longer do port locking on switches to a given MAC address

    I assume the invisilan technology needs some sort of client/server setup
    with a master to track all the IP/MAC/port changes, otherwise client systems
    will never be able to connect properly to servers. This would seem to me to
    be a nice vulnerability point.

    Assuming the MAC address keeps changing, any established connections can be
    more easily hijacked by assuming the old MAC address (which the victim was
    polite enough to give up on its own).

    As far as I can tell this actually makes it sound like it would make a local
    attackers life easier. Firewalling can't really be used to restrict access
    to systems since the ports/ip keep changing, any IDS solution is going to
    yack up hairballs, assuming you can ever get it tuned to actually see the
    traffic properly, etc, etc.

    As for remote attackers, ok, it makes life a bit harder, but wouldn't those
    remote people who shouldn't be accessing you be firewalled anyways?

    All in all it sounds like a wonky technology that hasn't been clearly
    thought out, and doesn't really address an identifiable problem. But boy,
    does it ever sound cool (I suppose one star out of five for sheer chutzpah
    is ok).

    Kurt Seifried, kurt@seifried.org
    A15B BEE5 B391 B9AD B0EF
    AEB0 AD63 0B4E AD56 E574
    http://seifried.org/security/
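To illustrate points 2 and the hijack remark above (a local observer can simply watch ARP and see every MAC a host moves through, including the ones it abandons), here is an added example that is not part of Kurt Seifried's post or of InvisiLAN. It parses constructed ARP-reply lines in a tcpdump-like "Reply <ip> is-at <mac>" layout (the sample lines, the IPs and the MACs are all made up for the example) and reports which IPs rotated their MAC and which old MACs are now free for someone else to assume.

```python
"""Passive ARP watcher: follow a host through MAC changes on a local segment.

Added example (not from the original post). Input is a list of text lines in
a tcpdump-like format; only "Reply <ip> is-at <mac>" lines are used, since an
ARP reply is the host itself announcing its current IP/MAC binding.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample capture; timestamps are seconds, addresses are invented.
SAMPLE_CAPTURE = """\
0.000 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ARP, length 42: Reply 10.0.0.5 is-at 00:11:22:33:44:55, length 28
5.000 aa:bb:cc:dd:ee:01 > ff:ff:ff:ff:ff:ff, ARP, length 42: Reply 10.0.0.9 is-at aa:bb:cc:dd:ee:01, length 28
30.000 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ARP, length 42: Request who-has 10.0.0.1 tell 10.0.0.5, length 28
30.500 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ARP, length 42: Reply 10.0.0.5 is-at 00:11:22:33:44:55, length 28
60.000 02:9f:1c:77:a0:13 > ff:ff:ff:ff:ff:ff, ARP, length 42: Reply 10.0.0.5 is-at 02:9F:1C:77:A0:13, length 28
65.000 aa:bb:cc:dd:ee:01 > ff:ff:ff:ff:ff:ff, ARP, length 42: Reply 10.0.0.9 is-at aa:bb:cc:dd:ee:01, length 28
90.000 02:44:aa:bb:cc:dd > ff:ff:ff:ff:ff:ff, ARP, length 42: Reply 10.0.0.5 is-at 02:44:aa:bb:cc:dd, length 28
"""

# Timestamp at line start, then a "Reply <ip> is-at <mac>" anywhere on the line.
REPLY_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?)\s.*?Reply\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r"\s+is-at\s+(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
)


@dataclass
class StationHistory:
    """Every distinct MAC an IP announced, in order: [(first_seen, mac), ...]."""
    macs: list = field(default_factory=list)


def parse_replies(text):
    """Return [(timestamp, ip, mac)] for each ARP reply line; other lines are skipped."""
    out = []
    for line in text.splitlines():
        m = REPLY_RE.match(line)
        if m:
            out.append((float(m["ts"]), m["ip"], m["mac"].lower()))
    return out


def track(records):
    """Build {ip: StationHistory}; a new entry is added only when the MAC changes."""
    hist = defaultdict(StationHistory)
    for ts, ip, mac in sorted(records):
        h = hist[ip]
        if not h.macs or h.macs[-1][1] != mac:
            h.macs.append((ts, mac))
    return dict(hist)


def rotating_stations(hist):
    """IPs that announced more than one MAC, with the MACs in the order seen."""
    return {ip: [mac for _, mac in h.macs] for ip, h in hist.items() if len(h.macs) > 1}


def abandoned_macs(hist):
    """(ip, mac) pairs a station used and then gave up; these are free to be assumed."""
    return [(ip, mac) for ip, h in hist.items() for _, mac in h.macs[:-1]]


if __name__ == "__main__":
    history = track(parse_replies(SAMPLE_CAPTURE))
    for ip, macs in rotating_stations(history).items():
        print(f"{ip} rotated through: {', '.join(macs)}")
    for ip, mac in abandoned_macs(history):
        print(f"abandoned: {ip} was {mac}")
```

Run against a live capture, the same logic works on the output of `tcpdump -tt -n -e arp` piped in, since only the "Reply ... is-at ..." fragment and the leading timestamp are matched; the Request line in the sample is deliberately ignored to show that.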

