Firewall Wizards mailing list archives

Re: Sliding/Shifting/Morphing firewalls


From: "Stephen P. Berry" <spb () meshuga incyte com>
Date: Wed, 10 Feb 1999 19:23:17 -0800

-----BEGIN PGP SIGNED MESSAGE-----


Bill Stout <StoutB () pioneer-standard com>

[...thinking...]  It reminds me of military spread-spectrum
frequency-hopping radio systems which make it difficult to find transmitting
sites, however in the SSFH analogy, the radios 'danced' across the band
(port numbers) with each other.  Come to think of it, it wouldn't be
difficult to apply this technology to the Internet, where it may comprise
a RAIDset of firewalls which talk to another RAIDset of firewalls and
packets synchronously danced across IP addresses and port numbers [tm]...
Dibs!  If anyone makes any money with this idea, I get royalties!  ;^)

I've used similar techniques for concealing (or obfuscating, anyway)
the movement of data from one place to another.  I.e., when I want
reasonably synchronous notification of some event from some sensor, but
don't want to advertise the fact that the sensor is looking for events
of that type.  In such situations, generating some decoy traffic is
generally useful.

If you're interested in muddying the waters beyond the portdancing
the RAID firewalls (firewobbles?) are doing, using some fraction
of the free bandwidth between them for decoy traffic might be
attractive---especially if you have any nagging concerns about
that PRNG you've got picking your ports for you.  Presumably your
protocol for all this would include some mechanism for negotiating
the `what's and `where's for the decoy traffic---so you can distinguish
between decoy traffic and spoofed traffic.

- -Steve


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNsJM9Crw2ePTkM9BAQHHAwP8D3fS19Tv3KDlSPXZ6bKxpEdcwxZfDZyl
OHXo7o6DkjWLk7iwzbS4OJnXEbIE6EtmggjF6eQeeXjT7UUwBH48MOtPr1MlCPyn
XRB+FrpLGMoSP1Bx8P9vAofFS56pEYqLksxWW3sgy7YQvcUjiHBURcOqATVPn6Gn
gbd0if32+fo=
=j9P3
-----END PGP SIGNATURE-----
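The two ideas in the thread above (firewalls that hop ports in sync, plus decoy traffic that the far end can tell apart from spoofed traffic) can be sketched concretely. The following is an added example and is not code from either poster. It assumes a pre-shared key between the two firewall ends, a hop interval of a few seconds and a hopping range of 10000-60000 (none of which the post specifies), and it replaces the PRNG Steve worries about with a keyed HMAC hop function so the port sequence is unpredictable to anyone without the key. The per-packet tag binds the slot number and the "data"/"decoy" kind to the payload, which is what lets the receiver distinguish decoy from spoofed without negotiating the "what's and where's" out of band:

```python
import hmac
import hashlib
import struct

# Constructed sample key; a real deployment provisions a fresh secret per firewall pair.
SHARED_KEY = b"example-shared-secret-not-for-production"
PORT_LO, PORT_HI = 10000, 60000   # assumed hopping range (not from the post)
SLOT_SECONDS = 2                  # assumed hop interval (not from the post)
KIND_DATA, KIND_DECOY = b"D", b"N"
TAG_LEN = 32                      # SHA-256 output size


def current_slot(now_seconds: float, slot_len: int = SLOT_SECONDS) -> int:
    """Map wall-clock time to a hop slot number; both ends need loosely synced clocks."""
    return int(now_seconds // slot_len)


def port_for_slot(key: bytes, slot: int, lo: int = PORT_LO, hi: int = PORT_HI) -> int:
    """Keyed hop function: HMAC-SHA256 over the slot number, reduced into [lo, hi].

    Unlike an unkeyed PRNG whose state might be recovered from observed ports,
    predicting the next hop here requires the key. The modulo over a 64-bit
    value introduces only negligible bias for a ~50k-port range.
    """
    digest = hmac.new(key, struct.pack(">Q", slot), hashlib.sha256).digest()
    span = hi - lo + 1
    return lo + int.from_bytes(digest[:8], "big") % span


def hop_schedule(key: bytes, start_slot: int, count: int) -> list:
    """The next `count` ports both ends will agree on, starting at start_slot."""
    return [port_for_slot(key, s) for s in range(start_slot, start_slot + count)]


def build_packet(key: bytes, slot: int, kind: bytes, payload: bytes) -> bytes:
    """Wire format (assumed): slot(8) | kind(1) | tag(32) | payload.

    The tag covers slot, kind and payload, so a decoy cannot be relabelled as
    data, a stale packet cannot be replayed into a later slot, and a spoofer
    without the key cannot forge either kind.
    """
    header = struct.pack(">Q", slot) + kind
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + tag + payload


def classify(key: bytes, dst_port: int, now_seconds: float,
             packet: bytes, skew_slots: int = 1) -> str:
    """Receiver side: return 'data', 'decoy' or 'spoofed' for one inbound packet."""
    if len(packet) < 8 + 1 + TAG_LEN:
        return "spoofed"
    slot = struct.unpack(">Q", packet[:8])[0]
    kind = packet[8:9]
    tag = packet[9:9 + TAG_LEN]
    payload = packet[9 + TAG_LEN:]

    # Reject slots outside the clock-skew window: blocks replay of old packets.
    if abs(slot - current_slot(now_seconds)) > skew_slots:
        return "spoofed"
    # The packet must arrive on the port that its claimed slot hops to.
    if dst_port != port_for_slot(key, slot):
        return "spoofed"
    expected = hmac.new(key, packet[:9] + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "spoofed"
    if kind == KIND_DATA:
        return "data"
    if kind == KIND_DECOY:
        return "decoy"
    return "spoofed"


if __name__ == "__main__":
    now = 1_000_000.0
    slot = current_slot(now)
    port = port_for_slot(SHARED_KEY, slot)
    print("next hops:", hop_schedule(SHARED_KEY, slot, 5))
    for label, pkt in [
        ("sensor alert", build_packet(SHARED_KEY, slot, KIND_DATA, b"alert")),
        ("decoy filler", build_packet(SHARED_KEY, slot, KIND_DECOY, b"padding")),
        ("wrong key", build_packet(b"attacker-guess", slot, KIND_DATA, b"alert")),
    ]:
        print(f"{label:13s} -> {classify(SHARED_KEY, port, now, pkt)}")
```

The receiver only ever has to know the shared key and its own clock: the port it should be listening on, and whether a packet is real, filler, or forged, all fall out of the same HMAC. The remaining operational concern is clock drift between the two ends, which the `skew_slots` window absorbs at the cost of briefly listening on adjacent slots' ports.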