RE: ICMP (Ping)

["Gerard Marshall Vignes" <gerardmarshallvignes () hotmail com>]

The applicable tenet from encryption is that the encryption method is known,
while the key is kept secret. This is taken to an extreme today, where many
common encryption methods are published openly. This is why attackers
usually try to get the keys. These encryption methods are both efficient and
effective.

If you read about the Allies cracking of Ultra (Shark, Enigma) during WWII,
you can see the relevance of this tenet.  The German use of rotors and plugs
seemed to make it an invincible encryption engine.  But the Bletchley staff
understood the basic mechanism and devised a way to 
Separate the effects of the rotors from the effects of the plugs.  As it
turned out, the plugs contributed very little to the security of Ultra.  The
Germans would have done better by using more rotors (5-10) and left the
plugs out completely. The result would have been a somewhat larger but
simpler machine that was easier to use but far more difficult to crack.

Please feel free to flame me for butting in w/o being invited  :-)


-----Original Message-----
From: Tim Greer [mailto:chatmaster () charter net] 
Sent: Thursday, September 04, 2003 3:53 PM
To: SMiller () unimin com
Cc: security-basics () securityfocus com
Subject: RE: ICMP (Ping)


On Thu, 2003-09-04 at 10:23, SMiller () unimin com wrote:
> Regarding the oft cited admonition against "security by obscurity": 
> according to Bruce Schneier this is "Kerckhoffs' Principle", 
> formulated in 1883 by Auguste Kerckhoffs, and as such is narrowly 
> applicable only to algorithms used for cryptography.  It may or may 
> not apply to other and more generalized security issues, those cases 
> must be evaluated individually.  Regarding ICMP:

Fun stuff... what some people seem to fail to understand, is that it's
unlikely someone's going to randomly probe for IP's to just randomly attack.
The type of attacks that people launch are going to be from people that know
you're there anyway.... otherwise if they are mindless enough, they will
apparently attack the IP they didn't check to see if it's there.

A network is going to be attacked if it's a target... if it is, you can toss
any responses you like and pretend there's nothing but a big, black hole in
cyberspace... they'll still hit your network.  If they are doing it blindly,
they will do it blindly anyway.  I don't see this as much of a benefit,
unless you are going to be targeted and you can somehow minimize the damage
done by disabling this.

Overall, I don't think it's a good or bad thing, I do it on some and not on
others, depending on what I'm thinking or doing at the time. However, I
wouldn't really say it's going to do much one way or another, unless you
just want to prevent very specific type of attacks where this would actually
help prevent or minimize damage.  But just to hide, well, good luck. :-)
-- 
Tim Greer <chatmaster () charter net>


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September
6.Visit us: www.blackhat.com
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event.  Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------