Bugtraq mailing list archives

Re: Unhackable network really unhackable?


From: Crispin Cowan <crispin () immunix com>
Date: Fri, 28 Nov 2003 02:10:19 -0800

Julian Wynne wrote:

> Furthermore we would like to point out that InvisiLAN technology has no relation whatsoever with DHCP, for example InvisiLAN changes randomly not just the IP address but also the MAC address and the port numbers.

The InvisiLAN technique is an instance of what I called "interface permutation" in this paper:

   "The Cracker Patch Choice: An Analysis of Post Hoc Security
   Techniques".  Crispin Cowan, Heather Hinton, Calton Pu, and Jonathan
   Walpole.  Presented at the National Information Systems Security
   Conference (NISSC) <http://csrc.nist.gov/nissc/>, Baltimore MD,
   October 16-19 2000. PDF
   <http://immunix.com/%7Ecrispin/crackerpatch.pdf>.

The specific approach of IP address hopping was described in this DARPA experiment:

   "Dynamic Approaches to Thwart Adversary Intelligence Gathering
   <http://www.iaands.org/discex_II/Briefs/13June/I&E/I&E_4_Kewley_DISCEXII_DYNAT.ppt>",
   Doreen Kewley et al, DARPA Information Survivability Conference &
   Expo (DISCEX II), June 12-14, 2001.


> We understand that the claim of unhackability is a steep one but I can assure you that anyone who has tested the system in the past has been swept away by the effectiveness and the implications of this new technology.

In the DARPA experiment anyway, it turned out to be hackable :) More precisely, it imposed a delay on the attacker, but did not stop them. A notable difference is that the DARPA experiment only changed the IP address, and not the MAC address. I'm not convinced that this will make a difference, but it could.

Crispin

--
Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
Chief Scientist, Immunix       http://immunix.com
           http://www.immunix.com/shop/



