Re: Unhackable network really unhackable?

From: Thor (thor_at_hammerofgod.com)
Date: 11/29/03

  • Next message: Hat-Squad Security Team: "Re: phpBB 2.06 search.php SQL injection"
    To: "Crispin Cowan" <crispin@immunix.com>, "Julian Wynne" <bugjules@anarkey.org>
    Date: Sat, 29 Nov 2003 07:19:10 -0800
    
    

    > >We understand that the claim of unhackability is a steep one but I can
    assure you
    > >that anyone who has tested the system in the past has been swept away by
    the
    > >effectiveness and the implications of this new technology.
    > >
    > In the DARPA experiment anyway, it turned out to be hackable :) More
    > precisely, it imposed a delay on the attacker, but did not stop them. A
    > notable difference is that the DARPA experiment only changed the IP
    > address, and not the MAC address. I'm not convinced that this will make
    > a difference, but it could.

    I had actually posted earlier regarding MAC addresses and the ease of adding
    static entries in the ARP table to hit a host on the local LAN (once in),
    but it did not seem to make it.

    It is refreshing to see you (the vendor, not you Crispin) use "the
    effectiveness and implications" rather than stand by "un-hackable," even
    though I know it was the OP's statement, and not the vendors. Even if
    hackable, it looks like a pretty effective layer of security, which may make
    attackers look for LHF. I have accomplished similar security-in-depth
    features by requiring IPSec for all IP traffic (certificate based) though
    that is of course at the network software layer, and some administrative
    issues are introduced by such a configuration. Interesting stuff, though.

    T


  • Next message: Hat-Squad Security Team: "Re: phpBB 2.06 search.php SQL injection"