<<< Date Index >>>     <<< Thread Index >>>

Re: Unhackable network really unhackable?



Julian Wynne wrote:

Furthermore we would like to point out that InvisiLAN technology has no relation whatsoever with DHCP, for example InvisiLAN changes randomly not just the IP address but also the MAC address and the port numbers.

The InvisiLAN technique is an instance of what I called "interface permutation" in this paper:

   "The Cracker Patch Choice: An Analysis of Post Hoc Security
   Techniques".  Crispin Cowan, Heather Hinton, Calton Pu, and Jonathan
   Walpole.  Presented at the National Information Systems Security
   Conference (NISSC) <http://csrc.nist.gov/nissc/>, Baltimore MD,
   October 16-19 2000. PDF
   <http://immunix.com/%7Ecrispin/crackerpatch.pdf>.

The specific approach of IP address hopping was described in this DARPA experiment:

   "Dynamic Approaches to Thwart Adversary Intelligence Gathering
   
<http://www.iaands.org/discex_II/Briefs/13June/I&E/I&E_4_Kewley_DISCEXII_DYNAT.ppt>",
   Doreen Kewley et al, DARPA Information Survivability Conference &
   Expo (DISCEX II), June 12-14, 2001.


We understand that the claim of unhackability is a steep one but I can assure you that anyone who has tested the system in the past has been swept away by the effectiveness and the implications of this new technology.
In the DARPA experiment anyway, it turned out to be hackable :) More precisely, it imposed a delay on the attacker, but did not stop them. A notable difference is that the DARPA experiment only changed the IP address, and not the MAC address. I'm not convinced that this will make a difference, but it could.

Crispin

--
Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
Chief Scientist, Immunix       http://immunix.com
           http://www.immunix.com/shop/