Bugtraq mailing list archives
Re: Unhackable network really unhackable?
From: "Thor" <thor () hammerofgod com>
Date: Sat, 29 Nov 2003 07:19:10 -0800
We understand that the claim of unhackability is a steep one but I can
assure you
that anyone who has tested the system in the past has been swept away by
the
effectiveness and the implications of this new technology.In the DARPA experiment anyway, it turned out to be hackable :) More precisely, it imposed a delay on the attacker, but did not stop them. A notable difference is that the DARPA experiment only changed the IP address, and not the MAC address. I'm not convinced that this will make a difference, but it could.
I had actually posted earlier regarding MAC addresses and the ease of adding static entries in the ARP table to hit a host on the local LAN (once in), but it did not seem to make it. It is refreshing to see you (the vendor, not you Crispin) use "the effectiveness and implications" rather than stand by "un-hackable," even though I know it was the OP's statement, and not the vendors. Even if hackable, it looks like a pretty effective layer of security, which may make attackers look for LHF. I have accomplished similar security-in-depth features by requiring IPSec for all IP traffic (certificate based) though that is of course at the network software layer, and some administrative issues are introduced by such a configuration. Interesting stuff, though. T
Current thread:
- Unhackable network really unhackable? ジースポート 黒田 (Nov 24)
- Re: Unhackable network really unhackable? vb (Nov 24)
- <Possible follow-ups>
- RE: Unhackable network really unhackable? Bohling James CONT JBC (Nov 24)
- Re: Unhackable network really unhackable? Julian Wynne (Nov 27)
- Re: Unhackable network really unhackable? Niels Bakker (Nov 27)
- Re: Unhackable network really unhackable? Crispin Cowan (Nov 28)
- Re: Unhackable network really unhackable? Kurt Seifried (Nov 29)
- Re: Unhackable network really unhackable? Thor (Nov 29)