Slashdot Mirror


Security Through Varying IPs

alanjstr writes "Reuters is reporting that an ex-CIA director and ex-KGB man have come together and developed a new way of 'hiding' internet communications. It does this by IP hopping: 'The Invicta system uses special cards to link protected computers to a central control unit. It lets clients decide how often they wish to vary IP addresses and specify which applications may be accessed on their network.'" I've always wondered if there could be a way through software to do this. Of course, a centralized server would need to route which would be a major bandwidth bottleneck.

127 comments

  1. This is why Iridium (satellite phones) was killed. by Anonymous Coward · · Score: 1
    Iridium did not fail from mere financial woes. It was KILLED.

    Satellite phones are the ultimate stealth device. The best they could do is trace you to the western hemisphere. Iridium didn't fail. It was killed by a collusion of law-enforcement agencies and world govt's that still have monopolies on their telcos. They saw Iridium as an "illegal circumvention device" to get around local monopolies. And law enforcement saw the potential for hiding from any trace.

  2. This method of security has been around for years by Anonymous Coward · · Score: 2

    it's called a "Dial-up account", and I've been using its security feature of random IP addresses (aka "dynamic" IP) for years. News sure travels slowly, huh?

  3. Re:Ahh, I get it... by Falrick · · Score: 1

    But the GOOD traffic can find them? How the hell does this thing know the difference?

    As someone else kindly pointed out, this is the same as frequency hopping in radio communications. You change frequency so often that an observing third party can't pick out the whole conversation. In fact (in the radio world), your communications pretty much just look like noise. This requires a fast processor, though, to implement properly.

    Now, I admit, I haven't read the article, so this is a mostly uninformed point of view. However, if they plan to implement it anything like frequency hopping, I'm betting that the idea here is that this is for communication between two hosts that are aware of each other. They agree upon some IP hopping pattern at the beginning of the communication or even before the communication begins or figure out what the pattern is based on some set of acceptable patterns or, well, you get the idea. From that point on, the receiver listens for communications at the IPs that fall in the agreed-upon pattern. Voilà, you are suddenly able to pick out the GOOD traffic. In order for it to be really secure, you need to be using IP hopping in both directions.



    --
    something clever
  4. Re:...or you could use a real service. by X · · Score: 1

    It works either way.

    --
    sigs are a waste of space
  5. ...or you could use a real service. by X · · Score: 2

    ZKS's Freedom is SOOOOO much better than this product it's ridiculous. This is so far from revolutionary I doubt serious security people will pay much attention to it.

    --
    sigs are a waste of space
    1. Re:...or you could use a real service. by X · · Score: 2

      Ugh.. sorry for the typeoh... It's Freedom.

      --
      sigs are a waste of space
    2. Re:...or you could use a real service. by dinky · · Score: 1

      Don't you mean http://www.freedom.net/ ?

  6. Mobile IP by jd · · Score: 2

    Been there, done that, downloaded the kernel t-patch. :)

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  7. Nothing new. . . by GeorgieBoy · · Score: 1

    This is something that's been done for a while by gov't orgs. If your one of the primary objectives is security , something like this is developed "in-house" because they were creating a unique security measures. They can afford a boatload of IPs. This is not to be confused with security through obfuscation - the specifications of how this has being done has been kept secret since it is something intended for internal use. If everybody knows how this is handled (special routing, etc.) then it makes it easier to poke holes in the open protocol. This is one of the occasions where I would support a closed specification (I'm usually in favor of open standards).

    1. Re:Nothing new. . . by GeorgieBoy · · Score: 1

      ahh, another failure of mine to proofread, excuse the poor grammar:

      the specifications of how this has being done
      should be
      the specifications for how this has been done

      It's tough writing comments on the run!

  8. Re:Hoax? by Mandi+Walls · · Score: 1

    Nah, that was a company called "invita" that was actually a company in washington state pretending along with the FBI.

  9. Similar thing by Darlock · · Score: 1

    A company I used to work for had a similar technology to prevent people from dialing into their servers. You would get a card that had an LCD and every few minutes the code would change. When you logged into the ppp server you had to provide the proper code to log in. It was a pain to carry this thing around with you but it worked.

    Even though this technology is a bit different I don't see it being that great for security. Inside a corporate network this would be fine but on the internet this would be useless.

    - If my IP address rotated all of the time how do my packets get back to me?
    - Do these guys have to be my ISP? Wouldn't that mean that they would act as a firewall/router to the outside world?

    I think I'll stick with encryption.

    1. Re:Similar thing by Darlock · · Score: 1

      Nah,

      It was a small hydro company. At least someone there was a little pro-active about security.

    2. Re:Similar thing by Snootch · · Score: 1

      Was that Motorola perchance? I saw one of those being used to log into their dial-up once...
      43rd Law of Computing:

  10. Re:what about MAC address? by PureFiction · · Score: 2

    Second, don't the packets contain things like the MAC address of the ethernet card?

    Yes, but this changes with every hop of the packet. The initial MAC ID is from your computer, and is the MAC ID of your NIC.

    Once this packet hits the first router, it forwards the packet and it now contains the MAC ID of the router's NIC.

    The only time tracking MAC IDs is useful is if you are on a broadcast LAN, like ethernet w/ dumb hubs, and you can sniff traffic. Otherwise, it's all the routers'/switches' MACs...

  11. Re:IP Spread Spectrum by cloudmaster · · Score: 2

    I think it's more like iptables -t nat -A POSTROUTING -s internalnet -j SNAT --to 10.1.1.1-10.1.1.254. Whoopie. My firewall has been doing that since I stuck iptables on it. I wouldn't think that it'd take much to randomly select a source IP instead of the current sequential selection...

  12. there goes tcpwrappers by mr_burns · · Score: 2

    How am I supposed to use IP based authentication on a moving target user? It's hard enough authenticating PPP(oE)/dhcp users. hosts.allow would have to become a process to let legitimate users in, and as such, security is weakened. What if the process freaks out, segfaults, zombies.....what about IP spoofing as eggshell code?

    Do I have to prompt for a kerberos session every time the IP changes during a session? How easy would it be to hijack the session by fooling the stack into thinking that it legitimately changed to the attacker's IP? How easy would it be to DoS via spoofing parts of the protocol?

    Frequency hopping radios are nifty, but we're not talking about beaming light. IP is much more complicated, and has more weak points.

    --
    "Let him go, Ralph. He knows what he's doing." --Otto Mann (simpsons)
  13. IP V6 Sooner than Later by freq · · Score: 1

    We already have an IP shortage! what if everyone started hopping IP's?

    haven't they ever heard of encryption?

    sheesh

    --
    "Tension is the great integrity" -- R. Buckminster Fuller
    1. Re:IP V6 Sooner than Later by FirstEdition · · Score: 1

      True if you rely only on your machine to make the random numbers for you. That's why you need a better random source - atomic decay, radio from a distant star, etc..

    2. Re:IP V6 Sooner than Later by mrgoat · · Score: 1

      Um, yeah, I read the article too. Sounds like a rehashed press release that caught some staffer's attention.

      If you really think about it, this is not going to benefit most companies one iota for protecting their corporate traffic. Think about it...most big corps run their own dark fiber now, have their own networks and routing policies trans/internationally. So what if you modulate your IP space out in the big bad world? Smaller corps use VPN's and such in addition to smaller pipes. The paranoid ones encrypt everything. I don't see how modulating IP's, which must fit into predictable ranges anyways, is going to really help things along much.

      However, there is one area of use by big corps that can afford this toy. That is snooping on their competition. Most IDS systems don't come with the kind of configuration that can handle fingerprinting this toy's kind of traffic. You have to script it in or find a vendor(with really good consulting staff) that knows their stuff. This toy gives folks with deep pockets a substantial advantage over someone who won't or can't buy it or the protection they need.

      As for the infallibility of this toy, it would be interesting to see some pros tear it apart and see what ticks. I am betting there are some holes there.


      mrgoat

      --
      'Hail Eris, baby, hail Eris...pfffffffttt.' *cough* 'Yeah.'
    3. Re:IP V6 Sooner than Later by dmccarty · · Score: 2
      Like spread spectrum radio waves, you first have to lock into the variation, which in this case could be completely random, [...]

      Nothing is really "completely random." When creating large sets of random numbers you usually have to rely on some algorithm to create them, which rules out the "random" bit by the definition of an algorithm.
      --
      Have fun: Join D.N.A. (National Dyslexics Association)
    4. Re:IP V6 Sooner than Later by SlashGeek · · Score: 4
      Read the article!!! The author clearly stated that things like encryption and firewalls were like "building fences around known locations" which makes them "sitting ducks for a determined hacker." The idea behind IP hopping is that they don't even know where you are to begin with. Like spread spectrum radio waves, you first have to lock into the variation, which in this case could be completely random, then deal with the "fences". It adds another layer, and a pretty damn good one.

      --
      --I assume full responsibility for my actions, except the ones that are someone else's fault.

    5. Re:IP V6 Sooner than Later by agentZ · · Score: 2
      However, there is one area of use by big corps that can afford this toy. That is snooping on their competition. Most IDS systems don't come with the kind of configuration that can handle fingerprinting this toy's kind of traffic. You have to script it in or find a vendor(with really good consulting staff) that knows their stuff. This toy gives folks with deep pockets a substantial advantage over someone who won't or can't buy it or the protection they need.

      Why let somebody else have all of the fun (and profits)? Create a small division and don't associate it with the rest of your company specifically designed to "break" this unbreakable scheme.

  14. KGB Expert my eye! by freq · · Score: 1

    and the article was really light on details, but there are a lot of better ways to be secure.

    --
    "Tension is the great integrity" -- R. Buckminster Fuller
  15. I do hope... by maroberts · · Score: 1

    ..someone at the US Patent Office is on the ball about the capabilities of DHCP when/if they apply to patent this.

    Whilst it is impractical/impossible to lease IP addresses through DHCP multiple times per minute, it does sound as though it is a sort of faster DHCP.

    I believe cable companies advertise the fact they use DHCP as a means of protecting the user from attacks in just this manner; of course the other reason is they don't want any pesky 'ol servers set up on their network....

    --

    Donte Alistair Anderson Roberts - hi son!
    Karma: Chameleon

  16. If this uses a lot of IP addresses.... by maroberts · · Score: 1

    ..then IPv6 will need to be the de facto IP standard sooner rather than later! Maybe it's a cunning ploy to get everyone to upgrade!

    --

    Donte Alistair Anderson Roberts - hi son!
    Karma: Chameleon

  17. Just a variation on spread spectrum by AJWM · · Score: 2

    Or frequency hopping. Indeed, I don't see why you need a "special card" or a central server, so long as the machines involved can agree on an IP sequence and the timing.

    If you wanted to get fancy you could simultaneously assign several IPs and spread the packets amongst them (as well as periodically changing the IPs), to really confuse someone doing traffic analysis.

    --
    -- Alastair
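
The "agree on an IP sequence and the timing" idea from Falrick's comment (3) and AJWM's comment (17) above, as an added example that is not part of the original thread and not Invicta's design: both endpoints hold a shared secret and a pool of addresses, and each derives the address for a time slot from an HMAC over the key, a direction label and the slot number, so no central controller is needed and each direction gets its own sequence. The key, dwell time, address pool and skew tolerance are all constructed assumptions.

```python
"""Toy IP-hopping schedule shared by two endpoints (assumed scheme, not Invicta's).

Each side computes HMAC-SHA256(key, direction || slot) and reduces it into the
address pool. The receiver listens on the address for the current slot; the
sender targets the same one. Without the key an observer just sees a spread
of addresses inside the pool.
"""
import hashlib
import hmac
import ipaddress


def slot_for(timestamp: float, dwell: float) -> int:
    """Time-slot number for a timestamp; both sides must share dwell and a clock."""
    return int(timestamp // dwell)


def hop_address(key: bytes, direction: bytes, slot: int, pool):
    """Address in use for one slot. 'direction' gives A->B and B->A their own sequences."""
    pool = ipaddress.ip_network(pool)
    msg = direction + slot.to_bytes(8, "big", signed=True)
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    if pool.prefixlen <= 30:
        usable, offset = pool.num_addresses - 2, 1   # skip network and broadcast
    else:
        usable, offset = pool.num_addresses, 0       # /31 and /32 have no such reserve
    index = int.from_bytes(digest[:8], "big") % usable
    return pool.network_address + offset + index


def hop_schedule(key: bytes, direction: bytes, pool, dwell: float,
                 start: float, count: int):
    """The next 'count' addresses, one per slot, beginning at time 'start'."""
    first = slot_for(start, dwell)
    return [hop_address(key, direction, first + i, pool) for i in range(count)]


def receiver_accepts(key: bytes, direction: bytes, pool, dwell: float,
                     now: float, dst, skew_slots: int = 1) -> bool:
    """Receiver side: is 'dst' the address for the current slot (+/- skew_slots of clock drift)?"""
    dst = ipaddress.ip_address(dst)
    s = slot_for(now, dwell)
    return any(hop_address(key, direction, s + d, pool) == dst
               for d in range(-skew_slots, skew_slots + 1))


if __name__ == "__main__":
    key = b"constructed-demo-key"                    # constructed shared secret
    pool = "198.51.100.0/24"                         # documentation range standing in for a leased block
    dwell = 0.5                                      # seconds an address stays in use (assumed)
    t0 = 1_000_000.0                                 # constructed start time
    for i, addr in enumerate(hop_schedule(key, b"A->B", pool, dwell, t0, 6)):
        print(f"slot {slot_for(t0, dwell) + i}: B listens on {addr}")
    # the reverse direction hops independently with the same key
    print("B->A slot", slot_for(t0, dwell), "is",
          hop_address(key, b"B->A", slot_for(t0, dwell), pool))
```

Note that every address still falls inside the one pool the endpoints own, which is the limitation several later comments raise.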
  18. Re:Police Radios by Tolchz · · Score: 1

    Ahh, the joys of frequency-hop radios.

    I've been trained on the SINCGARS model radio in the Army. It can jump between 100 frequencies per second and you can supposedly still make out what is being said, even if 30% of the hopset is being jammed.

  19. Let's clear up the obscurity... by mindstrm · · Score: 2

    Obscurity is only bad when it's the sole basis of your security measures. It is still an important part of any security system.

    This is not about securing a system, it's about making it harder to find, period, as you said.

  20. A grain of salt by tlo · · Score: 1

    This doesn't seem to be the "incredible intellectual achievement" claimed in the article. Most modern radio-based communications do the exact same thing in the form of frequency hopping. And those systems don't require a central host to mediate (although they don't have to worry about routing tables, which leads to . . .)

    From the 'gotcha' front, I wonder how they addressed the problem of allowable IP addresses to jump between. I would think you would always be limited to the subdomain routed by the host you connect to. If you are connecting from and to huge domains, it's not as bad, but if there is very little traffic in or out, it would be easy to reassemble your session simply by ignoring the IPs and capturing everything. Either way, you are relying on obscurity to provide security.

    Although I wouldn't call it a bad idea, I don't think this qualifies as a good one.

    -Trevor

  21. Robert Hanssen wanted to work here. by Finni · · Score: 1
    This link is for a blurb about how Robert Hanssen (the recently accused spy) wanted to work at Invicta when he retired.

    Invicta doesn't appear to have a website. Maybe because they don't have an IP address for search engines to crawl? How would that work, anyway? If it switches addresses all the time, how do you keep a connection open?

  22. Re:Not a troll... by Brento · · Score: 1

    I suppose windows is capable of releasing an ip and getting a new one... ideas?

    Yep, get Windows 2000. It can change IP's, DNS servers, and more without rebooting.

    --
    What's your damage, Heather?
  23. sounds like IP spoofing by Basje · · Score: 2

    If I understand IP well enough, all they seem to do is spoof to another IP every 0.x seconds. Hence probably the billions of IP addresses too.

    Maybe they have a lot of destination addresses too, but somewhere, somehow this has to be routed to the receiving end. Of course, it could be the central server, but then that would be nothing but a router.

    Of course, one could also split an encrypted file/text in blocks, and send those in a particular order to/from a number of IP addresses. Kind of like a key. But that would be a pointless exercise: from 8 IPs to 8 IPs would be equivalent to 6 bits extra keyspace (2^6 possibilities). It would just be a little harder to get all of the traffic.


    --
    the pun is mightier than the sword
  24. Multiproxy by suqur · · Score: 1

    Why not just use MultiProxy? You set it up as a proxy, and it connects and routes your TCP/IP traffic through other publicly available proxies on the 'net. You can have it cycle through (non)anonymous proxies at specified intervals, or for every connection. This is essentially the same idea, but without a centralized server. Right? Or am I way off? BTW, this program is great for circumventing blocked AIM or ICQ ports if you're behind a transparent firewall.

  25. Re:Security through Vapor? by ajs · · Score: 2

    That's not how IPv6 is allocated. Check out RFC1884. First off, provider-based addresses only have 1/8 of the total address space (that's you, me and Slashdot). What's worse is much of that (45 bits) is allocated to service provider identification.

    You'll basically have an SLA ID (Site-Level Aggregation Identifier) of 16 bits and an Interface ID of 64 bits. How can any company need more than this? Well, for starters, every company I know of over 1000 employees has many service providers for different divisions, acquired companies, failover, etc. Since those high 48 bits are used to identify unicast addressing and an ISP, you will have to have multiple SLA ID blocks....

    When I posted, I thought the Interface ID was only 32 bits, so this is a much better situation. Certainly in a world where people allocate addresses as efficiently as we did in the early days of IPv4, we need not worry.

    I give IPv6 unicast address space 10 years (5 more than my previous estimate) before we run out, and have to start chopping up the IPX space to give out....

  26. Re:Security through Vapor? by ajs · · Score: 2
    Well, first of all, this isn't really a "conservative" example. You assigned 1 billion IP addresses to that?
    No, my example was conservative because I know companies would be more wasteful with their allocation than I was estimating.

    The number was not 1 billion in the article, it was "billions", so your comment, "Now as we all know, 32 bits is roughly 1 billion ... well, at least you said it is ... (32 bits is roughly 4 billion just in case you can't do the math which is what you're assuming people at Slashdot can't do)," was just a hair off the mark. I also pointed out that most businesses will "round up to the nearest obscene order of magnitude."
    So we have 2^86 worth of companies that can exist with a 2^42 IPv6 addresses.
    Go read the RFCs. I think you'll be disappointed. First, I was wrong. The company allocation is 64 bits for Interface ID, not 32. Then there's the 16 bits of Site ID. But that's it. You get no more playground. The rest is allocated to address type id (3 bits) and ISP (45)

    No, the space given to companies is very generous (vastly moreso than with v4) but if companies start planning based on using 32 bits per unique device, we won't last very long....

  27. Re:Security through Vapor? by ajs · · Score: 2
    Last reply. This is beginning to look like I've been successfully trolled.
    I was quoting YOUR statement not the article [...] round up to the nearest obscene order of magnitude ... a billion addresses per application is roughly 32 bits.
    Yep. In what way does 1 billion (10^9), "rounded up to the nearest obscene order of magnitude" not equal 32 bits in the context of IP addresses? In case you missed what I was trying to get at, most businesses will not subnet those last 2 bits, they'll just throw them into the mix for good measure ("added security";)
    I read the RFCs
    Then why did you cite 96 bits of remaining IPv6 address space?
    I love people that just start throwing numbers out there and say "See? Your'd doomed! We're all doomed! Don't believe me? Well, you're obviously stupid and can't do the math than"
    Ok, I'll say it slowly for those in the cheap seats.

    Assertion of fact 1: There are 64+16 bits of address available per ISP customer entity in IPv6. How the first 16 are managed is still slightly up in the air, and may not be available to the customer to directly manipulate.

    Assertion of fact 2: The article suggested that using "billions" of IP addresses per device would soon be reasonable. Because of "increases in cyberspace".

    Assertion of fact 3: Most medium-to-large companies will (conservatively) use 8-16 bits on subnetting, regardless of their actual need. How do I know this? Every such company I've interacted with ALREADY uses that much space in private addressing, and every one of them that I've spoken to plans to allocate IPv6 space to all of their private addresses, even if they're non-routable. This fact is based on the speculation that they will follow through with their plans, and that I've seen a representative sample.

    Extrapolation/Speculation 1: If companies start thinking in terms of using 32 bits of address for a single device (64 TIMES the normal allocation per device), you'll start seeing more abuses ballooning out from there (I cite a major backbone provider that currently uses two /16's for their backup networks that have handfuls of hosts among MANY other abuses as "prior art").

    Extrapolation/Speculation 2: Given about 16 bits of subnetting space left over for your average large company on day one and the above speculation, I expect that to get used up in about 5-10 years. Why? Well, for one 5-10 years is the span of time that it took to go from "class B addresses are being restricted" to "we're breaking up class As to avoid an IP address crisis" in the 32-bit address space. Also, in the next 5-10 years, I expect to see 1) every household in the US and other major nations become IPv6 address space consumers 2) easily an order of magnitude more multi-home companies 3) massive need for routable IPs in public places on wireless LANs. Take the coffee shop in Mountain View (Dana St Roasting Company) as an example. Such a place will need to allocate 128 IPs even if their peak crowd of 128 users all have IPs in every other public place that they use the network.

    5 years was never a hard number in my original message, and when I found out that the allocation was 64 not 32 bits per customer, I backed off to "5-10" years, but there's no argument that before that article showed up 128-bit addresses seemed like a whole hell of a lot more network, and the end of IPv6 address space may have just become visible on the horizon....

    Then again, I thought that IPv4 addresses were too limited back in '89 and admitted that I was wrong in '91.... It's a matter of perspective and experience that makes us able to critique the past so clearly; I doubt that all of what I've said here will be certain.
  28. Re:Security through Vapor? by ajs · · Score: 3
    I hear the toll of the bell:
    Even if every company wanted a billion IP addresses, that wouldn't be a big deal in a 128bit address space
    I didn't think I'd have to do the math on /. , but here goes:

    Company X has 100 applications that require a VPN (say, 100 data feed vendors). So, they do the usual IP address math that big companies do (round up to the nearest obscene order of magnitude). So, a billion addresses per application is roughly 32 bits.

    Now, I need about 100 of those, but clearly growth is a concern, so let's say I need about 8 bits worth.

    Ok, so before that company even gets off the ground. Before they even start deploying IPv6 on their servers, desktops, etc. They're using 256 COMPANIES worth of standard IPv6 allocation. If every company does this (and of course, this is a conservative example), we're talking about a gold-rush on IPv6 addresses that would exhaust the non-reserved addresses trivially in the first 5 years.

    Let's not be hasty, though, let's assume that we can multiplex these puppies. So, one device might be able to handle multiple servers and clients and rotate the IPs correctly using one IP space. Cool, so for each server-side device IBM buys, only one company's worth of v6 allocation need be used. That should give us another couple of years of life on the namespace.

    All things considered, this is a very bad idea. Rotating through 20 addresses to confuse the issue can add some difficulty for crackers, but using "billions" of addresses will add you to my "rude Internet citizens" list.
  29. Security through Vapor? by ajs · · Score: 5
    This sounds very suspicious to me.... Problems as I see it:
    1. Your clients must all use this technology. This is fine for building a VPN, but it does nothing for building services which must be announced to the public.
    2. The quote: "The number of IP addresses drawn on may be in the billions thanks to an artificial increase in cyberspace, Sheymov said," makes me wonder. Are they referring to IPv6 or to private addresses? If we're talking IPv6, then I'm very concerned because I don't want to see every company on the planet sucking up billions of addresses per application. That would make the increase to 128 bits pointless. If they're talking about private addresses, you still have to map to an external address at some point, and that's your weak link.
    3. Since when do we expect the former head of the CIA to sell security solutions without back doors?
    4. On the other hand, since when do we expect the former head of the CIA to have a technical clue when endorsing products?
    Color me skeptical....

    1. Re:Security through Vapor? by ghoti · · Score: 1

      Even if every company wanted a billion IP addresses, that wouldn't be a big deal in a 128bit address space ... but it would be very predictable. Because of the simpler routing in IPv6, there would be a way to tell which IP addresses belong to whom. So if you can eavesdrop on the network, you can sort out which packets are for the company you are spying on, and then all that's left to do is find out how many connections there were at the same time, and pick the data packets apart.
      I am not a security expert, but this idea doesn't strike me as very useful or secure. Maybe somebody with more knowledge of the Internet than talking about "cyber addresses" could add some ideas.

      --
      EagerEyes.org: Visualization and Visual Communication
    2. Re:Security through Vapor? by selectspec · · Score: 2

      If you could encase one of the participants with boxes running snoot, you could eventually figure this thing out. Sounds like security through obscurity which we all know doesn't really work, especially if you're the CIA.

      --

      Someone you trust is one of us.

    3. Re:Security through Vapor? by locofungus · · Score: 1

      You need to learn about exponentials.

      Let's assume there are 4 billion people (2^32) each wanting to run 4 billion apps (2^32) each requiring 4 billion IPs (2^32).

      Total IP consumption 2^96. So we can grow by a factor of 4 billion (2^32) before we need to worry.

      2^128 is Big, Really Big. In fact you don't want to know quite how big it is.

      So long, And thanks for all the fish.

      Tim.

      --
      God said, "div D = rho, div B = 0, curl E = -@B/@t, curl H = J + @D/@t," and there was light.
    4. Re:Security through Vapor? by garbuck · · Score: 1
      If we're talking IPv6, then I'm very concerned because I don't want to see every company on the planet sucking up billions of addresses per application. That would make the increase to 128 bits pointless.

      With 128 bits, you could have 3e29 companies using a billion addresses each. 98 bits for the company address, plus 30 bits for each company to play with.

  30. How about an Anonymous IP Router? by dunham · · Score: 1
    Dunno how practical the IP hopping thing would turn out to be in practice, but it makes me wonder if a usable IP equivalent of the anonymous remailer system could be developed. (It would, of course, have to frequently switch paths, perhaps with every packet.)

    This would be less centralized and offer anonymity, in addition to making it hard to trace the connection.

  31. Re:SecureID by Zurk · · Score: 1

    yup..it's a secureid hardware card. made by the ex RSA patent holders at RSA : http://rsa.com/products/securid/index.html
    bitch to set up but it works great, especially with kerberos...and it works with unixes and mainframes too. had an old universe mainframe install running it once.

  32. *shudder* by Dwonis · · Score: 2

    I hope this doesn't become too widely-used. Can you say routing nightmare?

  33. Embed data in ip address? by Asgard · · Score: 1

    With a large enough IP space, couldn't one embed information in the source address of the packet?

  34. Working with MS networking.... by Dr.+Blue · · Score: 3

    Yeah, I can see how great this would work with Windows: "You have worked for 2 seconds so I am changing your IP address. Windows must be restarted in order for this change to take effect. Restart now?" :-)

    1. Re:Working with MS networking.... by ZaneMcAuley · · Score: 1

      NT feature only :)

      --
      ----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
  35. security through obscurity by joq · · Score: 4


    All this sounds like is a time based routing mechanism nothing more, and I don't really see how changing the IP address is going to save a misconfigured machine. For one, somewhere down the line the address is going to delegate out, so if say someone is browsing via 10.10.1.16 and they're browsing say something on my server and my logs show:

    198.81.129.14
    "http://www.antioffline.com/cia-soviet/" "Mozilla/4.0 (compatible; MSIE 5.5;Windows NT 5.0)"

    Then about one second later

    198.81.129.193 "http://www.antioffline.com/cia-soviet/" "Mozilla/4.0 (compatible; MSIE 5.5;Windows NT 5.0)"

    Now this is typically another visitor or whatever, but if the connections were so repetitive enough with the same browser fingerprint coming through I can probably correlate them both together by their netblocks depending on who owned the block. So unless they plan on purchasing completely obsolete netblocks like say 198.81.129.0-255 then 198.83.0.0.-255 then how do they expect to stay obscured from view? Keep in mind that there are hardly any complete netblocks to purchase in that fashion (class As close to impossible), so what are they really planning on doing?

    Now if they partnered with ISP's to snag dhcp addresses not being used from a wide variety of places, say Earthlink here, MomandPopISP there, then it'd be a plus for them however simple traceroutes, and block lookups can give you their information. (who owns the block etc)

    All it sounds like is a sort of a dhcp-round-robin-routing set up which is not going to save them still, if someone is really intent on getting access to their networks, they'd run out of address ranges before their scheme would work.

    Now on the spook/snoop side of things... I say TMTOWTPGPSAM! (There's More Than One Way To Sign PGP Sign A Message) to keep info from eyes other than the intended recipient.
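
joq's correlation argument above (a client that hops addresses inside one netblock still carries the same browser fingerprint from hit to hit), as an added example that is not part of the original thread: a small log analyser that groups hits by (netblock, User-Agent) and a short time window and reports the sessions that used more than one source address. The log lines are constructed, in a simplified combined-log layout, and the /24 grouping and 10-second window are assumptions.

```python
"""Reassembling a visitor's session across a rotating source address (added example).

Constructed web-server log lines: source IP, timestamp, request, referer, User-Agent.
Hits that share a netblock and a User-Agent and arrive within a short window are
treated as one session no matter which address each individual request used.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$')

# Constructed sample: one visitor hopping through three addresses in 198.81.129.0/24
# within a few seconds, an unrelated visitor from another block, and the same
# fingerprint returning from the first block half an hour later (a separate session).
SAMPLE_LOG = """\
198.81.129.14 [01/Mar/2001:10:00:00 +0000] "GET /cia-soviet/ HTTP/1.0" "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
198.81.129.193 [01/Mar/2001:10:00:01 +0000] "GET /cia-soviet/img.gif HTTP/1.0" "http://www.antioffline.com/cia-soviet/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
203.0.113.7 [01/Mar/2001:10:00:02 +0000] "GET / HTTP/1.0" "-" "Lynx/2.8.3"
198.81.129.77 [01/Mar/2001:10:00:05 +0000] "GET /cia-soviet/next.html HTTP/1.0" "http://www.antioffline.com/cia-soviet/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
198.81.129.200 [01/Mar/2001:10:30:00 +0000] "GET /cia-soviet/ HTTP/1.0" "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
"""


def parse_line(line: str):
    """One log line into a dict, or None when the line does not match the layout."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": ipaddress.ip_address(m["ip"]),
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "req": m["req"], "ref": m["ref"], "ua": m["ua"],
    }


def netblock(ip, prefix: int = 24):
    """The block a source address falls in; /24 is the assumed granularity of a leased range."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def _session(block, ua: str, hits):
    return {"block": str(block), "ua": ua,
            "ips": sorted({str(h["ip"]) for h in hits}),
            "paths": [h["req"].split()[1] for h in hits],
            "start": hits[0]["ts"], "end": hits[-1]["ts"]}


def correlate(log_text: str, prefix: int = 24, window_s: float = 10):
    """Group hits by (netblock, User-Agent); a gap longer than window_s starts a new session."""
    hits = [h for h in (parse_line(line) for line in log_text.splitlines()) if h]
    hits.sort(key=lambda h: h["ts"])
    groups = defaultdict(list)
    for h in hits:
        groups[(netblock(h["ip"], prefix), h["ua"])].append(h)
    sessions = []
    for (block, ua), items in groups.items():
        current = [items[0]]
        for prev, h in zip(items, items[1:]):
            if (h["ts"] - prev["ts"]).total_seconds() > window_s:
                sessions.append(_session(block, ua, current))
                current = []
            current.append(h)
        sessions.append(_session(block, ua, current))
    return sessions


def hopping_sessions(log_text: str, **kw):
    """Sessions that used more than one source address: the tell-tale of an address-hopping client."""
    return [s for s in correlate(log_text, **kw) if len(s["ips"]) > 1]


if __name__ == "__main__":
    for s in hopping_sessions(SAMPLE_LOG):
        print(f"{s['block']} {s['ua']!r}: {len(s['ips'])} addresses, "
              f"{len(s['paths'])} hits {s['start']:%H:%M:%S}-{s['end']:%H:%M:%S}")
        for ip in s["ips"]:
            print("   ", ip)
```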

    1. Re:security through obscurity by dmccarty · · Score: 2
      So unless they plan on purchasing completely obsolete netblocks like say 198.81.129.0-255 then 198.83.0.0.-255 then how do they expect to stay obscured from view?

      You're assuming they plan to own the IP addresses they say they're coming from--i.e., non-spoofed IP's. Given that this plan originated from the CIA and (former?) KGB I would say that that's a dangerous assumption.
      --
      Have fun: Join D.N.A. (National Dyslexics Association)
  36. Re:Ahh, I get it... by Knobby · · Score: 1

    Good question!..

    This isn't like hopping ports, which theoretically might be able to do the same thing.. You're hopping IP's which means that the DNS server needs to know where the hell you are. If the DNS server knows where you are, then what's stopping me from querying the DNS server to find you?? I like the idea of hopping ports every few seconds, and firing encrypted packets that contain the next port, or a random seed included with the original request that defines the jump sequence...

  37. It's heavy in fluff, no substance by ka9dgx · · Score: 2
    Look, you're connected to the internet, you only have one subnet, with X addresses. This company gives you a VPN service, with its own set of addresses, probably all virtual. How does this differ from VPN and/or NAT? It's fluff... NAT is nice for getting devices to be able to see the internet, but it's not a replacement for security. VPN is a good idea, but only if there are no chinks anywhere in the armor. (Yes, running Microsoft code is a BIG chink)

    --Mike--

  38. Unconquered? Same planet, same people, doh. by mattr · · Score: 2

    Sounds like a neat idea if it works but..

    Closed source network hardware + Promiscuity between security layers = Lower security

    So this is the latest "unbreakable" huh? I'm sure nobody at the NSA, CIA, or KGB wants to know what's in those networks too. Cute.

    How do you know this isn't just opening a big fat vpn tunnel right into your company so other people can look at your network? Cuts both ways.

    Oh, check out www.invicta.com -- Looks like they haven't bothered to buy up their domain for a whole year. That's confidence I suppose.. Guess there's no site to have taken down.

    Another story from a year ago here.

    I haven't seen anything except untechnical fluff articles and only a couple over a year. The idea of a Russian guy calling his system Latin for "Unconquered" isn't slick, it's dumb. You just need someone at their physical location, something he should know about. What idiot will trust him to install the thing?

  39. Are we *sure* he's stopped working for KGB/CIA? by billstewart · · Score: 2

    Sounds suspicious to me.... Depending on whether the "centralized" box is really a centralized box run by his company or only a centralized-per-customer firewall-like-thing, it could be a golden opportunity for wiretapping the paranoid, or it could be just watered-down explanations given to the non-technical press by the Corporate Speaker-To-Publicists.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  40. Frequency hopping, random thoughts etc. by andkaha · · Score: 2

    The concept of frequency hopping was invented by Hedy Lamarr in the 1930's. It is currently being used in several countries as a secure way of sending military orders.

    The advantage of frequency hopping over IP hopping seems to be that it's (probably) harder to predict frequencies than it is to predict IP addresses. No doubt they will/have figure/d out how to allocate a large enough IP space to make a fairly secure transmission and how to sync the sender and receiver.

    (...and what to do about the unused IPs... hmmm... You only really need one big pool of IP addresses for a set of computers, don't you? Then it's just a matter of juggling the IPs around and making sure every computer in the set knows what IP they themselves and their respective communication partner have at any moment... The more computers that are communicating over the pool of IPs, the more secure the channel is.)

    And now, let's all repeat the mantra of the day: Computers do what we tell them to do. Thus no computer system will ever be completely secure.

    --
    It's 11pm, do you know what your daemons are up to?
  41. Re:Very cool idea.... by kimihia · · Score: 1

    Sounds like obscurity to me.

    Also I doubt they'll be able to apply this to servers. All the crap I had to go through when my IP address changed - notifying all my clients, changing zone files, updating WHOIS info, ...

    Now imagine doing this every 5 minutes when your IP changes.

  42. save some money... by passion · · Score: 2

    just use dyndns.org yourself!

    --
    - passion
  43. Re:Sequencing, randomness, etc ... by JoeGee · · Score: 1

    Or charity work for unemployed Russian tech workers ...


    --

    Get off my virtual lawn, you damned virtual kids!
  44. Sequencing, randomness, etc ... by JoeGee · · Score: 2

    If the sequence used by these cards is not completely random then observing the stream of packets from either of the two connected computers will allow one to extrapolate the formula used to sequence the address progress.

    If I have the formula I need only a small ordered list of the IP addresses being used and I can predict what the next IP address will be. With that, I am in the loop.

    This sounds like a glorified network card to me. This might confuse the kiddiez, but I suspect persons who use this company's products would be much better relying on very strong encryption and rigid security practices.


    --

    Get off my virtual lawn, you damned virtual kids!
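    Posts #40 and #44 raise the two design questions behind the frequency-hopping analogy: how sender and receiver stay in sync, and what happens when the hop sequence is predictable. The following is an added example, not Invicta's scheme or code from this thread: it assumes a shared key set up out of band and derives each slot's address with an HMAC over the slot number, so both ends agree without announcing anything, and it puts a number on how little a single /24 pool can hide even with a perfect sequence.

```python
import hashlib
import hmac
import ipaddress
import math
import time
from typing import List, Optional, Set

# Constructed pool: one /24 (TEST-NET-2), the "one subnet" the thread's
# skeptics assume a small company has. Not Invicta's real address pool.
POOL: List[ipaddress.IPv4Address] = list(
    ipaddress.ip_network("198.51.100.0/24").hosts()
)


def hop_index(key: bytes, slot: int, pool_size: int) -> int:
    """Map a time slot to a pool index with HMAC-SHA256.

    Both ends compute the same index from the shared key and the slot
    number, so they stay in sync without any in-band announcement, and an
    observer without the key sees 64 effectively random bits per slot.
    (2**64 mod pool_size leaves a modulo bias too small to matter here.)
    """
    tag = hmac.new(key, slot.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(tag[:8], "big") % pool_size


def hop_address(key: bytes, pool: List[ipaddress.IPv4Address], slot: int):
    """Address the sender uses, and the receiver listens on, during `slot`."""
    return pool[hop_index(key, slot, len(pool))]


def schedule(key: bytes, pool: List[ipaddress.IPv4Address],
             first_slot: int, count: int) -> List[ipaddress.IPv4Address]:
    """The addresses for `count` consecutive slots starting at `first_slot`."""
    return [hop_address(key, pool, s) for s in range(first_slot, first_slot + count)]


def current_slot(hop_seconds: float, now: Optional[float] = None) -> int:
    """Slot number for wall-clock time `now` (defaults to time.time())."""
    now = time.time() if now is None else now
    return int(now // hop_seconds)


def accepted_addresses(key: bytes, pool: List[ipaddress.IPv4Address],
                       slot: int, skew: int = 1) -> Set[ipaddress.IPv4Address]:
    """Addresses the receiver should accept around `slot`.

    Clocks drift, so the receiver also listens on the neighbouring slots'
    addresses; `skew` bounds how far apart the two ends may be before they
    lose each other.  A larger skew widens the listening window, which is
    exactly the trade-off the sync question in #40 is about.
    """
    return {hop_address(key, pool, s) for s in range(slot - skew, slot + skew + 1)}


def hiding_bits(pool: List[ipaddress.IPv4Address]) -> float:
    """Work factor the hopping adds for an observer who knows the pool.

    Even with an unpredictable sequence the best the scheme can do is
    log2(pool size): with one /24 that is under 8 bits, a few hundred
    guesses, regardless of how long the key is.
    """
    return math.log2(len(pool))


if __name__ == "__main__":
    key = b"shared-secret-from-out-of-band-setup"  # constructed value
    slot = current_slot(hop_seconds=5)
    print("slot", slot, "address", hop_address(key, POOL, slot))
    print("next five:", [str(a) for a in schedule(key, POOL, slot, 5)])
    print(f"hiding at most ~{hiding_bits(POOL):.1f} bits with this pool")
```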
  45. Security through TCP Sequence Number by Greyfox · · Score: 2

    I remember reading a while back now a paper on sending encrypted communications to a system using the TCP sequence number. The idea being to spoof a packet to the system under the guise of something fairly innocuous but have the real payload be encrypted and sent in the TCP sequence number or one of the other lesser used fields of the TCP packet. As far as any monitoring entity is concerned, that's just random crap coming in on the network connection.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  46. Single point of failure/false sense of security by BierGuzzl · · Score: 2

    Essentially all the computers using this "card" to communicate with the world wild web rely on firmware to be up to date and invulnerable to attacks. Not only does the card become the firewall, controlling which network services are available, it also becomes the ultimate "sitting duck" described in the article. According to the article, each client can decide how often its IP should change and which network services it will serve. It would follow that an attacker could compromise the card by masquerading as one of the clients and actually ghost the entire website.

  47. Invicta, Invita... by Lish · · Score: 2
    Hmm. Wasn't Invita, just one letter off from Invicta, the name of the fake security company the FBI used to snag those Russian hackers not that long ago? Curious...


    --
    "This message is composed of 100% recycled electrons."
  48. Fluffware by MattW · · Score: 2

    Are they trying to outdo one-click ordering?

    In order to route IPs on the Internet, route aggregation is required. An end host isn't going to be able to switch its address amongst many different network addresses, only to different IPs in a subnet. Given that someone who wants to compromise a machine has to have a way to find/connect to it first, it is trivial to relocate a machine. Also, see if ARIN wants to assign whole blocks of IPs for machines to hop around on.

    IPv6? Maybe that would make this slightly more useful. But if a machine is supposed to be accessible, you have to make it known where it is -- if it isn't accessible, then you SHOULD just put a firewall blocking all inbound traffic, and that's that.

    Another day, another "revolution". *sigh*

  49. Re:Can someone explain the advantages of this? by jon_c · · Score: 1

    I imagine it's only good to confuse sniffers for a VPN type connection.

    something like this where two computers want to talk to each other.

    comp1: hey comp2
    comp2: sup, here's my new ip
    comp1[new ip] i'm down, here's my public key, and my new ip
    comp2[new ip]: cool, here's my public key and my new ip
    comp1[new ip/encrypted] here's my new super secret recipe for grits.

    something like that, which is basically a publickey/privatekey system with changing ip's. which i suppose would help with man in the middle attacks.. maybe.

    -Jon

    --
    this is my sig.
  50. Police Radios by The+Wing+Lover · · Score: 1

    How is this different from police radios? They like to jump between frequencies, but I can walk into Radio Shack and get a scanner that'll receive them...

    --

    - In Capitalist America, law violates YOU!

  51. "Set us up the IP block!" -- caffeinated_spork by The_Messenger · · Score: 2
    Good, now I can circumvent Slashdot's ultra-lame IP block when trolling AC without resorting to slow proxy servers. :-)

    --
    I like to watch.

  52. I think it's a guard against packet sniffing... by SethJohnson · · Score: 1


    This isn't the type of thing intended to protect someone running a web browser from being identified (as your example suggests). This sounds to me like an additional layer of protection. Right now, we've got encryption to protect TCP/IP communication from eavesdropping via packet sniffing. With the type of processing power in the hands of our nation's (the George W. 'led' country) spy organizations as well as foreign powers, there's nothing to really confirm that your 4086 bit encrypted messages aren't being decoded in the 8th level of a building's basement somewhere. And that's by contemporary technology standards. For real spy organizations, it's often essential that encrypted communications NEVER be cracked as even a 10 year old message might compromise the identity of a long-term mole. Right now, operations like echelon are sifting through packets and flagging suspicious communications. Just because something is encrypted doesn't mean it's ignored. It just gets set aside... saved for future reference. Probably not ALL encrypted transmissions. Just those from origins or to destinations determined to be of interest to the sniffers. The 'future' reference is an anticipated point in the future when technology allows for the unravelling of the message or an exploit is found for the encryption method (microsoft embedded hidden key compromised... etc.).

    Here's a tip for would-be encryption hackers: If you find a weakness in PGP, don't send Phil Zimmerman an e-mail about it.. no matter how densely encrypted it is. Not only will he never receive it, but it's likely to be the last message you'll send.



    Seth
  53. Isn't this less useful... by cybermage · · Score: 1

    than some standard stuff we have now. If you're gonna have a network of computers talking to a "central control unit" to maintain security by having the IP hop around their subnet, aren't they better off with something as simple as a NAT enabled firewall?

    I could see the utility of two distant computers carrying on a conversation, each changing their IP to be a pain to packet sniffers, I guess, but wouldn't encryption be more secure?

    Ahhh. One feature would be the ability to specify which applications are available to the outside. Well, couldn't a firewall do that as well?

    Also, if the IP address keeps changing, how exactly would their servers be available? If not by DNS (which wouldn't change fast enough and would defeat the purpose) then they'd only be available by IP, right? Of course, if the IP keeps changing, how would you know the one for the server you wish to connect to?

    Sounds daft to me.

    --

  54. AOL's Proxy Cache Already Does This by kristau · · Score: 1

    I run a low-traffic web server, and have witnessed connections from AOL in my server logs that follow the pattern:

    152.163.188.1
    152.163.188.35
    152.163.188.65
    152.163.188.37
    . . .

    Often, the IP is changing between requesting each graphic from the index.html page.

    This is probably just simple load-balancing taking place, but the results are very similar to this so-called "new technology" for hiding the source IP.

    Even with a sufficiently large and diverse IP pool, this would essentially be only as secure as the random number generator that picks your next IP address. And we all know how robust and un-crackable random number algorithms are. . .

    later,
    kristau

  55. Problems by Animats · · Score: 2
    • All those IP addresses have to be routed to the same destination, and the routers have to know how to get there, so you can tell from the routing information where the destination really is.
    • Any stateful firewall that sees this stuff is going to think it's under attack. Those snippets of sessions from all those IP addresses will look like DDoS attacks. So this is a great way to attract attention to your secret traffic.
    • This breaks congestion management and QOS stuff. Routers that look for DDoS attacks will see this as an attack. Plus it will thrash router caches.
    • IPv6 is needed to get enough address space.

    So this is "not suited for widespread deployment."

  56. Analog to CDMA by gutier · · Score: 1

    Frequency hopping has been around for decades, most prominently in CDMA technology. More precisely, "IP Hopping" is an almost perfect analog to "slow frequency hopping" where multiple bits are transmitted on one frequency band before hopping to another band. I suppose "IP Hopping" can be considered novel, but no, not really.

  57. Hmmmmm... by gnarly · · Score: 1

    "My connection is super secure. Other than the CIA and the KGB nobody can trace me!!!!"

    --
    :-( is a registered trademark of Despair.com
  58. No, that was INVITA.. by sparkane · · Score: 1

    ..as in:

    We'd like to "invita" you to our country, special party, very elite, BYOB, and don't forget your toothbrush.

    Maybe "invita-tion" would make a good New Hacker's Dictionary term: getting invited to something that is going to be detrimental to your health/career/whathaveyou. Probably not in the hacker psyche deeply enough though.

  59. Someone sell these people an Egress by Isao · · Score: 1

    This won't work. Sub-second IP changes would mean the server (read "router") will have to log the chain of IPs for a short while, in order to route (NAT) return traffic properly. So compromise the router, security gone. I, for one, don't trust that. Second, as a website, simply do traffic analysis on your logs. Most sites have referrer turned on, they'll know if you click two consecutive links on their site (or enough of the time to reveal your uniqueness). This is (weak) information hiding, not security. Where do they get these people?
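    The traffic analysis this post describes (and the per-request address changes #54 saw in AOL proxy logs) can be run on ordinary web server logs. This is an added example, not code from the thread: it parses Apache combined-format lines, chains requests into sessions by user agent plus referrer (each request's referrer must be a page that session already fetched), and reports sessions whose source address changed mid-session along with the netblocks involved. The log lines are constructed for the example.

```python
import ipaddress
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample: one visitor whose address changes on every request
# (all within 198.51.100.0/24), one ordinary visitor, and one junk line.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jun/2001:22:01:03 -0700] "GET /index.html HTTP/1.1" 200 2310 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
198.51.100.35 - - [10/Jun/2001:22:01:04 -0700] "GET /logo.gif HTTP/1.1" 200 812 "http://www.example.com/index.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
203.0.113.9 - - [10/Jun/2001:22:01:05 -0700] "GET /index.html HTTP/1.0" 200 2310 "-" "Lynx/2.8.3rel.1"
198.51.100.65 - - [10/Jun/2001:22:01:09 -0700] "GET /products.html HTTP/1.1" 200 5120 "http://www.example.com/index.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
203.0.113.9 - - [10/Jun/2001:22:01:11 -0700] "GET /about.html HTTP/1.0" 200 1400 "http://www.example.com/index.html" "Lynx/2.8.3rel.1"
198.51.100.37 - - [10/Jun/2001:22:01:15 -0700] "GET /contact.html HTTP/1.1" 200 900 "http://www.example.com/products.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
this line is not in combined log format
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]            # drop query string
    rec["ref_path"] = urlsplit(rec["ref"]).path if rec["ref"] != "-" else None
    return rec


def link_sessions(records: List[Dict[str, str]]) -> List[dict]:
    """Chain requests into sessions regardless of source address.

    A request joins an existing session when the user agent matches and the
    referrer is a page that session already fetched; otherwise it opens a
    new session.  The IP list keeps one entry per change, in order.
    """
    sessions: List[dict] = []
    for r in records:
        home = None
        if r["ref_path"] is not None:
            for s in sessions:
                if s["ua"] == r["ua"] and r["ref_path"] in s["pages"]:
                    home = s
                    break
        if home is None:
            home = {"ua": r["ua"], "pages": set(), "ips": [], "requests": 0}
            sessions.append(home)
        home["pages"].add(r["path"])
        home["requests"] += 1
        if not home["ips"] or home["ips"][-1] != r["ip"]:
            home["ips"].append(r["ip"])
    return sessions


def netblock(ip: str) -> str:
    """The /24 containing `ip`, the granularity at which block ownership is looked up."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


def hopping_sessions(lines: List[str], min_distinct_ips: int = 2) -> List[dict]:
    """Sessions whose source address changed at least once; the analysis result."""
    records = [r for r in (parse_line(l) for l in lines) if r]
    found = []
    for s in link_sessions(records):
        distinct = sorted(set(s["ips"]), key=ipaddress.ip_address)
        if len(distinct) >= min_distinct_ips:
            found.append({
                "ua": s["ua"],
                "requests": s["requests"],
                "hops": len(s["ips"]) - 1,
                "ips": [str(a) for a in distinct],
                "netblocks": sorted({netblock(a) for a in distinct}),
            })
    return found


if __name__ == "__main__":
    for sess in hopping_sessions(SAMPLE_LOG.splitlines()):
        print(f"{sess['requests']} requests, {sess['hops']} address changes, "
              f"blocks {sess['netblocks']}: {sess['ua']}")
```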

  60. Idiocy by zzyrc · · Score: 1

    Well - so you have your small company, one internet connection, one subnet and your system starts IP hopping on that subnet. How braindead.

    If you own multiple connections to the internet in more than one country and could switch between them, it would be more interesting. But different RTTs and switchover times will kill you then.

    Sounds simply useless...

  61. Better schedule your transfers. by M3shuggah · · Score: 1
    It would be my luck that I would be transferring the last 10megs of a 500meg cd-image, right when my IP changed.

    But seriously... It sounds good in theory, but if developers don't code their apps for the instantaneous IP change, it could seriously cause major headaches.

    Also there would need to be downtime for an IP before it was used again, otherwise I could make a request, (then if hypothetically I changed IPs, and my old one was assigned immediately) the other user with my old IP would receive the packets. Which could be a huge security risk, if transferring sensitive material.

    1. Re:Better schedule your transfers. by ZaneMcAuley · · Score: 1

      Surely this would be at a lower level than the application layer :)

      --
      ----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
  62. next P2P application by QuaZar666 · · Score: 1

    Could something like this work as a P2P app? where you connect to another machine (VPN) and use its inet connection to view other pages/ftp but with everyone having a VPN connection. No logs stored so no way to trace the true source. Seems like it might work but you might get some slow connections but if you need a secure connection you probably are not asking for a high speed T3 line to bounce your traffic to/from.

    Just an idea.

  63. reuters a good source? by loraksus · · Score: 2
    It sounds interesting, though I'm not sure if reuters has their story correct. This is my take on it.

    I'm assuming their solution is hardware based ("special cards"), with a star topology from the central unit. I'm sure that the special cards will not be running a variation of ethernet, but some other, more secure transport. If it is standard ethernet, the network would be switched.

    The "central unit" acts as a switch / router, and allows some kind of address changing. No other hubs / switches are on the network, except perhaps between "central units"

    I am assuming that reuters or yahoo is wrong, and this protocol is based on the switching of MAC addresses, rather than IP.

    If so, then the whole network would have to be revamped in order to put this in place. Existing routers would most likely not be able to handle MAC switching - perhaps a software upgrade could change that though. I'm pretty sure that the company would just sell their central units as hubs / switches. Why not have a monopoly on the proprietary network that you designed?
    So, while they are at it, they might as well couple this with fiber optics, with the central unit watching the strength of the signal for drops (i.e. a fiber optic tap is detectable - unlike ethernet, which can be tapped just by planting something on the cat-5 jacket (CIA $$$$ stuff) - or by cutting into the wire and installing a repeater/sniffer unit. We are talking about fairly expensive "spy" stuff either way.

    If not, if the address switching is indeed IP, there would certainly be a way to sniff the network and to filter out MAC addresses from all other data being sent across the network. If the "special cards" or the network were designed to prevent sniffing, that would

    Either way - it is essentially security through obscurity, but it makes life a lot harder for those trying to compromise computers - although hosting a server with this would be difficult - unless the Central unit acted as a gateway of some kind.

    More info is certainly needed - if someone can post some that would really clear things up.

    The slashdot 2 minute between postings limit:
    Pissing off hyper caffeinated /.'ers since Spring 2001.

    --
    1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcfv gbhnjmk,l.;/
  64. Seems like a lot of trouble to go through by commodoresloat · · Score: 1

    ... just to trade Metallica songs.

  65. The more things change... by isomeme · · Score: 4
    Sounds like the IP analog for radio Frequency Hopping Spread Spectrum (FHSS). Which, by the way, was invented and patented as a radio security technique during WWII by movie star Hedy Lamarr and her pianist. A movie star geek girl? I was definitely born in the wrong generation...

    --
    When all you have is a hammer, everything looks like a skull.
  66. Re:Not a troll... by SlashGeek · · Score: 1
    I would think that your computer would see a set local IP address, and the net card would handle everything else. From the sound of it, at least for now, it seems aimed more at corporate or WAN usage, where this card would only be on the server. I don't think his intentions are to sell this as a consumer product for a little while.

    --

    --I assume full responsibility for my actions, except the ones that are someone else's fault.

  67. Just another step in the ladder by SlashGeek · · Score: 3
    It's a step, but lets face it. If somebody, especially the gov't really wants to see what you are up to, they'll find a way.

    Of course, a centralized server would need to route which would be a major bandwidth bottleneck.

    And, of course, a centralized server could also be very easily tapped by a Carnivore-like device.

    I guess it could scare off a few skript kiddies though.

    --

    --I assume full responsibility for my actions, except the ones that are someone else's fault.

  68. Downfall by Tebriel · · Score: 2

    What happens when you get a DoS attack from a billion different IP addys? This is a two way street here.

    --
    The Blaster Master Fighting for Truth, Justice, and Evil Pie since 1979
  69. How can I short this company? by mkcmkc · · Score: 1
    Don't you wish there was some way to sell shares in idiotic companies like this short before they IPO?

    (BTW, I've already patented a similar security method: I train packs of chipmunks to plug and unplug 10baseT cables into random ports, thwarting any attempt to break in across the related links.)

    --Mike

    --
    "Not an actor, but he plays one on TV."
  70. This is a great concept... by SomeoneGotMyNick · · Score: 3

    It should be worth making a few more episodes of The Lone Gunmen to exploit it.

  71. Re:This method of security has been around for yea by marcop · · Score: 1

    it's called a "Dial-up account", and I've been using it's security feature of random IP addresses (aka "dynamic" IP) for years. News sure travels slowly huh

    Yeah, crappy ISPs can now advertise their high line drop rates as "security features".

  72. Repeat?? by VivianC · · Score: 2

    Invicta? Wasn't that the name of the FBI's fake company that snagged those Russian hackers?

    Odd that they would have the same name...


    Viv
    --
    Gmail invites for ip
  73. On a similar note... by TrebleJunkie · · Score: 1
    Here's something I came up with about the time Carnivore hit the news that wouldn't take a big corporation full of ex-intelligence (yeah, right.) officers to implement:

    http://www.digitech.org/~tjunkie/idea.html

    It's a pretty simple idea, not very flashy, and, oh, it's a freaking bandwidth hog. But, same time, it might be fun to play with.

    Ed R.Zahurak

    --

    You know, oblivion keeps looking better every day.

  74. Re:Hoax? by agentZ · · Score: 2

    No, it was a completely fictitious company that the FBI invented for this case. (But those names are rather similar. Maybe all spooks think alike?)

  75. Not a troll... by djocyko · · Score: 1
    how happy would windows be about this? Every time I change the static ip of my network card I have to reset. I suppose windows is capable of releasing an ip and getting a new one... ideas?

    perhaps it would be wise now not to expect security on a win box? (but that would definitely be read as a troll)

    1. Re:Not a troll... by Snootch · · Score: 2

      At a server? That's just stupid...how can you be got to? And if normal traffic can reach you, doesn't that invalidate the whole point?

      43rd Law of Computing:

  76. BW limitations by IdeaMan · · Score: 1

    Doesn't necessarily have to consume bandwidth.
    Put another way, the router used has to handle all that bandwidth anyway, just make it a little smarter.

    --
    They ARE out to get you simply because They are in it for themselves and they don't care about you.
  77. New clothes on old ideas? by jbaltz · · Score: 1
    Wow.

    Spread spectrum meets NAT.

    Still, it looks new and interesting, but it still depends on a lot of out-of-band information, and I'd hate to be in charge of their BGP tables.


    //jbaltz
    --
    I am the Lorvax, I speak for the machines.
    1. Re:New clothes on old ideas? by jbaltz · · Score: 1
      Spread spectrum? You mean frequency hopping. What makes you people think spread spectrum and frequency hopping are the same thing?

      Umm...because one is an instantiation of the other?


      //jbaltz
      --
      I am the Lorvax, I speak for the machines.
  78. Sounds like NAT+Earthlink by westfirst · · Score: 1

    I've got a NAT router hooked up to an Earthlink account. The connection gets disconnected every so often and then, voila, a new dialup generates a new IP number.

  79. Re:Very cool idea.... by The+Monster · · Score: 1
    isn't this just a variant on 'security through obscurity'?
    A bit, yes. The problem is that you have to have a way for the Right People to be able to find each other. the article alludes to some kind of bottleneck from a central server making connections for the clients. Can you spell "DOS"?

    In a sense, the server is acting as a sort of firewall. (Kindasorta.) If you can persuade the server that you're OK, you get the IP. So the security is in the server. Breach that, and what's next?

    --

    [100% ISO 646 Compliant]
    SVM, ERGO MONSTRO.

  80. Re:Very cool idea.... by hillct · · Score: 4

    Maybe, but isn't this just a variant on 'security through obscurity'?

    I'd have to say that this is a not-so-classic example, and in fact a neat idea, but when it comes down to it it's still securing a system through making it difficult to find.

    It's admittedly a neat technology, but is it really secure?

    --CTH

    --
    --Got Lists? | Top 95 Star Wars Line
  81. Hmm, Napster or P2P Application? by tarbabyxxxx · · Score: 1

    This could work great to hide P2P file sharing.

    --
    Will the last company to abandon Linux please turn off the lights??!
  82. It already exists! by man_ls · · Score: 1

    Isn't this what Network Address Translation software and dynamic IP addressing are for?

    My DSL's IP address changes every 2 weeks. I can manually force it to reset my IP if I release that IP in WINIPCFG on the host PC, though, but I run some servers on my system, so it's better if it stays "static" for longer.

    How about simply not letting PCs with vital secrets connect outside at all? Seems easier than going through elaborate schemes to protect them. If the network cable isn't plugged in, you're not going to be able to connect to the machine. Period.

  83. SecureID - apparently it's not that tough to crack by rixster · · Score: 1

    I'm only repeating what I thought that book "Secrets and Lies" said. Sorry can't remember the author but he's the kinda famous guy that all crypto people look at.

    --
    Two wrongs may not make a right, but three ....
  84. breaks most firewalls by kireK · · Score: 1

    Imagine all the fun you would have setting off security alerts on firewalls and intrusion detection devices... Hey guys... back to the lab... OK?

  85. Re:Ahh, I get it... by Shoten · · Score: 2
    Yes, but frequency hopping involves an agreement between the two communicating systems as to how often to hop, within what range, and in what pattern. It is for this reason that you can't have interoperability; you can't use just any radio that talks on the same frequency range as a frequency-agile system to join in. And the only thing protecting the security of those communications is the restriction of sale of the devices (and the knowledge of how they establish communications). This is a bit more like a VPN than what they describe here, when you really think about the implementation.

    The real difference between the frequency-hopping analogy and reality is the simple fact that unlike FH communications, the internet is supposed to be as interoperable as possible. A Mac can look at the same web page as a Solaris box, or even Windows (if it stays up long enough, obviously, for the page to load). This is accomplished through...wait for it...well-documented and widely disseminated standards. To make the comparison with frequency-hopping systems accurate, you'd need to have all or most transceiver manufacturers decide on a few standards, then agree to make all of their systems so that they work with all other ones (by adhering to the standard). And once you do that, how well do you think frequency-hopping will hide what you're saying?

    --

    For your security, this post has been encrypted with ROT-13, twice.
  86. Ahh, I get it... by Shoten · · Score: 3
    Ok, let's see if I get this right...

    They keep moving around so many times a second that the bad guys can't find them. If a bad guy manages to ping an address that's a target, by the time he even types the "n" in "nmap" it's another address.

    But the GOOD traffic can find them? How the hell does this thing know the difference? It sounds like they came up with a great way to hide a computer (especially if they end up trying to pretend to be someone else's IP range in the process), but they totally ignore the fundamental problem: how to tell good traffic from bad without a human having to examine it. This has to be some of the worst snake oil I have ever seen.

    --

    For your security, this post has been encrypted with ROT-13, twice.
  87. variation of DHCP? by hyrdra · · Score: 2

    I do a form of this all the time. My cable modem has come under attack a few times, and each time I just release and renew IPs via DHCP and let the router handle all the bandwidth. Coupled with a dynamic DNS and you have a moving target which is accessible to those who you only want it to.

    Isn't this just a variation of some kind of dynamic host configuration?

    Unfortunately, in both cases, hit the control server (e.g. DHCP, trn, etc.) and the whole system is down. There is also the caveat that at some point the dynamic address must be available to the public (in my case via dynamic DNS), so if my script kiddies were smart enough, they could have had their program get my address from my DNS server and adjust their attack accordingly. Or taken down the DNS server, so I would have defeated my purpose.

    In either case you shouldn't rely on security through haystack and needle methods. You can always burn the haystack if you don't care about the needle.

    --


    "I'll just chip in a bit for RedHat: I actually have that installed on my university machine." - Linus, '95
  88. It's snake oil. by AnotherBlackHat · · Score: 1

    Foo - One could do the same thing without all the expensive hardware (it would probably work better too, fewer timing problems to contend with) It's nothing more than an encryption layer added to IP addressing. You'll still need encryption on the packets themselves (unless you don't mind people being able to read everything you write) and a man in the middle attack wouldn't even notice that encryption was happening. Plus they've added an extra point of failure, and you have to trust the party that builds the cards.

  89. IP Spread Spectrum by ZaneMcAuley · · Score: 1

    Is this like Spread spectrum for IP addresses.

    --
    ----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
  90. Predictable? by ZaneMcAuley · · Score: 1

    Is it possible to predict the outcome of the next IP hop? Does it stay within a predefined range? Must it do for Corporate scenarios? If you can predict the next hop u got em ahead of em, lay a mine and wammo. Whats the IP hop algorithm? any ideas?

    --
    ----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
  91. Not really a shield by ZaneMcAuley · · Score: 4

    More like a moving target :) Duck shoot ne1 :)

    --
    ----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
  92. That *is* interesting.. by drfreak · · Score: 1

    I have also thought of doing a similar thing with MAC addresses on top of DHCP with short leases, for added security.

    using iptables, this should be possible, as you can route packets and change (mangle) them according to MAC address.. cool shit

  93. Ravenous Bugblatter Beast of Langley, VA by blair1q · · Score: 2

    I dunno, but it seems like if you wrap a towel around your head so that you can't see your attacker, then, even if he thinks that he can't see you because you can't see him, the rest of us can still tell that you've got a towel wrapped around your head.

    --Blair

  94. Traffic? by JohnnyKnoxville · · Score: 1

    wouldn't your network DHCP and DNS traffic increase tenfold?

  95. threat model? by paulsholtz · · Score: 1
    My first thought is what is the threat model here? What are you trying to defend against?

    It reminds me a little of ZKS Freedom, which is a GREAT technology for anonymization (Freedom scrambles IP addresses using cryptography), but how much security does anonymization really buy you? Probably not much.. in fact it probably increases your security risks since it removes accountability from the equation.

    You kinda have the same thing happening here. I can see how, in principle, something like this would be useful for preventing DoS attacks, or even messing up hackers trying to get in, but at the same time it looks like you're making the job of auditing usage of the network a LOT more difficult, and that creates a big security risk (not to mention removes accountability from network users).

    There are a couple issues w/ this company:

    • Invicta is the Latin word for "invincible". ANY security vendor who claims they are invincible is selling snake oil.
    • The phrase "unbreakable security" appears multiple times on their home page. Pluheze - "unbreakable security"? See point #1.
    • It looks like they're going to fall back on protecting their "technology" with "patents", which is NEVER a good sign.

    I agree w/ the earlier posts, this looks like (at best) security through obscurity.. (+ the word "cyber" is so mid-1990s)..

    Paul Sholtz

  96. Weakest Link. by jfisherwa · · Score: 2

    'The Invicta system uses special cards to link protected computers to a central control unit. It lets clients decide how often they wish to vary IP addresses and specify which applications may be accessed on their network.'

    What they fail to mention is that their Central Control Unit is running an out-of-the-box copy of RedHat 6.0.

    -

    Seriously; how secure can this be if it is revolving around a single (or cluster) of control units that dictate, record, log, and monitor the IP addresses?

    Sounds to me like they're selling us NSA-quality security, along with NSA-approved backdoors and line tapping capability.

    -

    How about this: instead of having a single control center managing the IP pool, we create a peer-to-peer network where, upon joining, you effectively 'donate' your 'IP address' (some form of tunneling/encapsulation would be in use?) to the community pool.

    The network client continuously searches for a new partner to exchange addresses with, based on specified variables, and trades your address with theirs.

    Instead of being a one-to-one swap, it's going to be: take an address, pass it on. The first few may be easy to track, but once you've done your 10th or 40th swap (each sequential exchange gives the new partner the address you procured in the last exchange), the paper trail is extensive.

    Just a random thought, it may be effective when combined with some existing solutions.

    Jason Fisher

  97. NY Times article by mgarraha · · Score: 1

    In June 2000 the New York Times ran another article (free registration required) about Victor Sheymov.

  98. inherent weakness? by nilstar · · Score: 1

    But wouldn't the inherent weakness be that central computer which routes everything? I mean, even with the expectation that it would be 'high bandwidth ready', wouldn't a DDoS attack be a prime candidate to take it down?

    --
    ===> An eye for an eye makes everyone blind - MG

  99. Hoax? by sakusha · · Score: 2

    Could this be a hoax? I remember it was only a few weeks ago when the FBI lured two Russian crackers to come to work at a fictitious security company called "Invicta." It was a false front created to lure the crackers into US jurisdiction.

  100. This Technology has Little Benefit by GNU+Zealot · · Score: 1

    The people that have the greatest need for Internet security are companies/organizations that have a presence on the Internet. These people want patrons to be able to get to their site. In order for people to be able to get to their site, they have to know their IP address. Therefore this technology is not even usable by those who need security the most.

    This technology adds only a very small amount of security for your average consumer. Most users' systems are compromised in one fell swoop and are not the subject of a determined attack, because there are always plenty of other possible victims. There are two marginal benefits which I see (although there could very well be more):

    • Scanning networks will take more time because the attacker can't ever quite be sure that they've scanned all the hosts.
    • If a system is compromised, you cannot simply write down the victim's IP and expect to return to the system at a later date. However, this is easily worked around by having the compromised system periodically give you its IP address (via email, IRC, etc.).

  101. Very cool idea.... by kypper · · Score: 1

    We need IPV6 for this more than ever.
    Can you imagine the ranges at which people would hop?

    1. Re:Very cool idea.... by Snootch · · Score: 1

      Great - just as we give them lots of address space, someone had to figure out a way of using it all up at once... besides, someone has to keep track of where everyone is - now isn't that just one of those "sitting ducks for attacks", hmm?

      43rd Law of Computing:

  102. Why bother? by bartle · · Score: 1

    This would only really be effective as a hiding mechanism in a rather large organization. A sniffer can still determine that there is a large amount of information flowing between organizations, it just wouldn't be able to tell what. If all you want to do is secure the information, just encrypt a single session. It would be much more efficient.

    I suppose if someone wants to write a poor man's solution, you could just rotate UDP ports rather than actual IPs. This would pretty much befuddle most current sniffing software; it would look like a bunch of small, random sessions rather than one big one. But I still don't quite see what that would get you; the strain on the IP stack and NAT routers would give you an unnecessary performance hit.

  103. what about MAC address? by complexmath · · Score: 2
    It seems like the main goal of this technology isn't to obscure the source of web browsing, as another poster assumed, but rather to make sniffing a session much more difficult. Since both ends need to be running this software, I don't see it being useful for anything else.

    Still, I wonder about a few things. First, how can you implement time-based IP-hopping when IP is not time-dependent? That is, what happens when the connection between the two machines encounters a bit of congestion? The destination will have hopped on to a new address and the packets will never arrive... unless there's something I'm missing.

    Second, don't the packets contain things like the MAC address of the ethernet card? Are they saying that their technology either will not include this information, or switch it right along with the IP address?

    As glorious as it sounds, somehow I don't see this being nearly as effective against MitM as signal-hopping with radio frequencies. With a radio scanner you would either have to monitor all available frequencies to try to put the session together or synch with the session and hop along with it, which is fairly difficult. However with packet sniffing, everything that passes is available for reading. The only way I can see this being halfway useful is if somehow every address used had a different route between the two machines, which isn't really feasible.

    So... it's a nice idea I suppose but it sounds to me like it's mostly hype.
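
    A toy model of the synchronized, time-slotted hopping the thread keeps circling (the "agreed-upon pattern" from earlier posts, the congestion question just above), added here as an illustration and not code from Invicta or any poster. It assumes a shared secret exchanged out of band and an IPv6 /64 documentation prefix as the address pool (both constructed), and shows how a receiver that also accepts its neighbouring slots survives a packet delayed across a hop boundary.

```python
import hmac
import hashlib
import ipaddress

# Constructed assumptions: both endpoints share SECRET out of band and agree
# on a pool. An IPv6 /64 documentation prefix makes accidental collisions
# between slots negligible (2^64 candidate addresses).
POOL = ipaddress.ip_network("2001:db8::/64")
SLOT_SECONDS = 2  # hop interval: the "how often to vary" knob in the article


def slot_index(t: float) -> int:
    """Map a wall-clock time to the hop slot both sides are in."""
    return int(t // SLOT_SECONDS)


def hop_address(secret: bytes, slot: int) -> ipaddress.IPv6Address:
    """Keyed PRF (HMAC-SHA256) from slot number to an address in the pool.
    Without `secret`, the next hop is not predictable from earlier ones."""
    tag = hmac.new(secret, slot.to_bytes(8, "big"), hashlib.sha256).digest()
    offset = int.from_bytes(tag[:8], "big") % POOL.num_addresses
    return POOL[offset]


def sender_address(secret: bytes, send_time: float) -> ipaddress.IPv6Address:
    """Destination the sender uses for a packet emitted at `send_time`."""
    return hop_address(secret, slot_index(send_time))


def receiver_accepts(secret: bytes, dst: ipaddress.IPv6Address,
                     arrival_time: float, tolerance_slots: int = 1) -> bool:
    """Accept a packet if `dst` matches the current slot or any slot within
    `tolerance_slots` of it. With tolerance 0 a packet delayed by congestion
    past a hop boundary would be dropped, which is exactly the worry raised
    in the thread; the window trades a little unlinkability for robustness."""
    now = slot_index(arrival_time)
    window = range(now - tolerance_slots, now + tolerance_slots + 1)
    return any(hop_address(secret, s) == dst for s in window)


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    pkt = sender_address(secret, 100.0)          # sent in slot 50
    print(pkt, receiver_accepts(secret, pkt, 103.9))  # arrives in slot 51: True
    print(receiver_accepts(secret, pkt, 106.0))       # slot 53, outside window
```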

  104. Useful... by Snootch · · Score: 1

    ...but only if you don't want to be found by anyone! Clients, yeah, sure (though - have you seen Windows changing IP? Reboot every other microsecond, anyone?), but servers of any description? I remain sceptical...

    43rd Law of Computing:

    1. Re:Useful... by Snootch · · Score: 1

      Give the computer one IP, and let the card handle the changing IPs and forward them. A different approach, but not entirely difficult.

      Well, would *you* like to pay for a net card that does this? Give me encryption any day...

      43rd Law of Computing:

  105. Re:CmdrMoron by Snootch · · Score: 1

    Yeah, thank God we don't need routers on the Internet, that would slow everything to a crawl.
    Correction: Thank God the whole Internet doesn't go through a couple of routers run by one company - now that would be painful, but this is what's being proposed, in effect.

    43rd Law of Computing:

  106. Not you AGAIN! by Snootch · · Score: 1

    Will you just quit this troll? It's not new, it's not funny, it's just lame.

    43rd Law of Computing: