Vulnerability Development mailing list archives
Re: spoofing the ethernet address (license managers)
From: sherrill () TI COM (Eric Sherrill)
Date: Wed, 29 Mar 2000 10:19:01 -0600
I disagree with the assessment that it only helps honest people stay honest, in large part because tying license managers to supposedly "unique" information like MAC addresses can become a real pain for the sysadmin. Here are some examples.

1. I lose an important machine and need to replace the motherboard or swap its disk(s) out to a spare machine, to get it back up & running quickly. Now I also have to worry about transferring the NIC and/or NVRAM (Sun hostid chip) as well. What about Intel machines which increasingly have mobo-integrated Ethernet? Better hope you can change that MAC in software....

2. I lose my license server. Now all my licensed software stops working, unless/until a backup or failover machine gets the license manager running again (but see above & below). I know that this is sometimes mitigated (only new client instances fail, not currently running ones, in many cases) but still painful.

3. I am running a cluster. IP failover and/or load-balancing depends on "floating" IP addresses which can pass between machines. Each machine has its own MAC address and IP address, but also a shared/floating IP address. If one is overloaded or dies and passes off the license manager daemon to another node, it will need to either take over the MAC address of the failed/overloaded node (which can make failing back tricky, mess up ARP tables, or worse), or else the license manager will have to have a separate license server file keyed for each node (and be intelligent enough to fail over gracefully).

4. I want to install a new machine, say solely for some temporary purpose, such as troubleshooting a problem. Now I either have to have a spare license available on the license server, or I have to send information to the vendor and wait for them to issue an updated license file. This can involve anything from a simple e-mail or two, to layers of corporate purchasing red tape (and weeks of waiting).

5. Most license managers I have worked with are only "network-aware" in the minimal sense that they seem to work in only a limited client-server paradigm - one server, many clients.

What would be more helpful: a license manager that can discover and report (to the admin, not the vendor) on authorized and unauthorized copies of licensed software running anywhere on your network (although this type of port-scan might also raise some network managers' eyebrows); that can implement a shared pool of licenses among more than one "server" machine (this would also help with 3. above); that can automatically issue a limited number of "exceptions" within certain boundaries to help with variable peak loads (say you go over by one or two seats for a few days on your quota, no problem; if you consistently abuse it, however, the vendor is notified).

Anybody know of any products with UNIX and NT cross-platform availability with these types of features?

-Eric

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of Forrest W. Christian
Sent: Monday, March 27, 2000 11:36 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: spoofing the ethernet address (license managers)

On Mon, 27 Mar 2000, Michael Wojcik wrote:
Yes, people have proposed arcane, byzantine schemes like encrypting portions of the program, scattering license checks through it, etc. Sooner or later, though, the software has to decide to trust something that's under the user's control.
This reminds me of the Apple II days, when all of the above were attempted and some of them were somewhat successful, at least for a while. I remember when the "holy grail" of deprotection was Microsoft Flight Simulator - They used some funky obscure code which basically accessed the disk in ways the designer never intended. Nothing could copy it very reliably as a result, and it was out for at least a year or so before someone successfully figured out how to extract it onto an easily copyable disk in a form that would work.

But the short version is that no matter the copy protection someone will figure a way around it. I fully agree with the rest of the (trimmed) message that the real purpose of licensing is to help keep those honest people honest.

I think people should look at ways to help count software which needs to be licensed. For this, the mac-address based scheme might be useful, as it does tend to provide a unique (at least in an enterprise) identifier for a computer.

- Forrest W. Christian (forrestc () imach com) KD7EHZ
----------------------------------------------------------------------
iMach, Ltd., P.O. Box 5749, Helena, MT 59604 http://www.imach.com
Solutions for your high-tech problems. (406)-442-6648
----------------------------------------------------------------------