Re: Unhackable network really unhackable?
Julian Wynne wrote:
> Furthermore we would like to point out that InvisiLAN technology has no relation
> whatsoever with DHCP, for example InvisiLAN changes randomly not just the IP
> address but also the MAC address and the port numbers.
The InvisiLAN technique is an instance of what I called "interface
permutation" in this paper:
"The Cracker Patch Choice: An Analysis of Post Hoc Security
Techniques". Crispin Cowan, Heather Hinton, Calton Pu, and Jonathan
Walpole. Presented at the National Information Systems Security
Conference (NISSC) <http://csrc.nist.gov/nissc/>, Baltimore MD,
October 16-19 2000. PDF
<http://immunix.com/%7Ecrispin/crackerpatch.pdf>.
The specific approach of IP address hopping was described in this DARPA
experiment:
"Dynamic Approaches to Thwart Adversary Intelligence Gathering
<http://www.iaands.org/discex_II/Briefs/13June/I&E/I&E_4_Kewley_DISCEXII_DYNAT.ppt>",
Doreen Kewley et al., DARPA Information Survivability Conference &
Expo (DISCEX II), June 12-14, 2001.
> We understand that the claim of unhackability is a steep one but I can assure you
> that anyone who has tested the system in the past has been swept away by the
> effectiveness and the implications of this new technology.
In the DARPA experiment anyway, it turned out to be hackable :) More
precisely, it imposed a delay on the attacker, but did not stop them. A
notable difference is that the DARPA experiment only changed the IP
address, and not the MAC address. I'm not convinced that this will make
a difference, but it could.
Crispin
--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
Chief Scientist, Immunix http://immunix.com
http://www.immunix.com/shop/