[32612] in bugtraq

Re: Unhackable network really unhackable?

daemon@ATHENA.MIT.EDU (Crispin Cowan)
Fri Nov 28 17:54:12 2003

Message-ID: <3FC71F0B.7020608@immunix.com>
Date: Fri, 28 Nov 2003 02:10:19 -0800
From: Crispin Cowan <crispin@immunix.com>
MIME-Version: 1.0
To: Julian Wynne <bugjules@anarkey.org>
Cc: bugtraq@securityfocus.com
In-Reply-To: <20031126233414.8656.qmail@sf-www3-symnsj.securityfocus.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Julian Wynne wrote:

>Furthermore we would like to point out that InvisiLAN technology has no relation 
>whatsoever with DHCP, for example InvisiLAN changes randomly not just the IP 
>address but also the MAC address and the port numbers.
>
The InvisiLAN technique is an instance of what I called "interface 
permutation" in this paper:

    "The Cracker Patch Choice: An Analysis of Post Hoc Security
    Techniques".  Crispin Cowan, Heather Hinton, Calton Pu, and Jonathan
    Walpole.  Presented at the National Information Systems Security
    Conference (NISSC) <http://csrc.nist.gov/nissc/>, Baltimore MD,
    October 16-19 2000. PDF
    <http://immunix.com/%7Ecrispin/crackerpatch.pdf>.

The specific approach of IP address hopping was described in this DARPA 
experiment:

    "Dynamic Approaches to Thwart Adversary Intelligence Gathering
    <http://www.iaands.org/discex_II/Briefs/13June/I&E/I&E_4_Kewley_DISCEXII_DYNAT.ppt>",
    Doreen Kewley et al, DARPA Information Survivability Conference &
    Expo (DISCEX II), June 12-14, 2001.


>We understand that the claim of unhackability is a steep one but I can assure you 
>that anyone who has tested the system in the past has been swept away by the 
>effectiveness and the implications of this new technology. 
>
In the DARPA experiment anyway, it turned out to be hackable :) More 
precisely, it imposed a delay on the attacker, but did not stop them. A 
notable difference is that the DARPA experiment only changed the IP 
address, and not the MAC address. I'm not convinced that this will make 
a difference, but it could.

Crispin

-- 
Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
Chief Scientist, Immunix       http://immunix.com
            http://www.immunix.com/shop/



