nanog mailing list archives
Re: sniffer/promisc detector
From: "Steven M. Bellovin" <smb () research att com>
Date: Tue, 20 Jan 2004 20:18:19 -0500
In message <054c01c3df79$6049c4f0$6401a8c0@alexh>, "Alexei Roudnev" writes:
>> Uhm, that would be wrong. This is simply "security through obscurity".
>
> Yes, it is wrong for the _smart books_. But it works in real life. Of course, it should not be the last line of defense; but it works as a first line very effectively.

Precisely. Don't count on security through obscurity -- there are targeted attacks, if nothing else -- but *after* you've taken all due precautions against a knowledgeable adversary, throwing in some obscurity can help, too. (Want a worked example? Ask the NSA to publish the algorithm for one of their top secret encryption algorithms...)

But there's another major caveat: this sort of obscurity doesn't scale very well. It's fine to put ssh on another port if you have a relatively small community of reasonably sophisticated users who can cope, or if you can hand out canned configurations to less sophisticated users. But you couldn't easily put SMTP elsewhere, or no one could find you. You'd also have support problems with your user base if you tried doing that as an anti-relay technique.

Obscurity works in small, closed communities. Beyond that, operational considerations can kill you.

--Steve Bellovin, http://www.research.att.com/~smb