Security Through Varying IPs
alanjstr writes "Reuters is reporting that an ex-CIA director and ex-KGB man have come together and developed a new way of 'hiding' internet communications. It does this by IP hopping: 'The Invicta system uses special cards to link protected computers to a central control unit. It lets clients decide how often they wish to vary IP addresses and specify which applications may be accessed on their network.'" I've always wondered if there could be a way through software to do this. Of course, a centralized server would need to route, which would be a major bandwidth bottleneck.
- Your clients must all use this technology. This is fine for building a VPN, but it does nothing for building services which must be announced to the public.
- The quote: "The number of IP addresses drawn on may be in the billions thanks to an artificial increase in cyberspace, Sheymov said," makes me wonder. Are they referring to IPv6 or to private addresses? If we're talking IPv6, then I'm very concerned because I don't want to see every company on the planet sucking up billions of addresses per application. That would make the increase to 128 bits pointless. If they're talking about private addresses, you still have to map to an external address at some point, and that's your weak link.
- Since when do we expect the former head of the CIA to sell security solutions without back doors?
- On the other hand, since when do we expect the former head of the CIA to have a technical clue when endorsing products?
Color me skeptical... All this sounds like is a time-based routing mechanism, nothing more, and I don't really see how changing the IP address is going to save a misconfigured machine. For one, somewhere down the line the address is going to delegate out, so if say someone is browsing via 10.10.1.16 and they're browsing say something on my server and my logs show:
198.81.129.14 "http://www.antioffline.com/cia-soviet/" "Mozilla/4.0 (compatible; MSIE 5.5;Windows NT 5.0)"
Then about one second later
198.81.129.193 "http://www.antioffline.com/cia-soviet/" "Mozilla/4.0 (compatible; MSIE 5.5;Windows NT 5.0)"
Now this is typically another visitor or whatever, but if the connections were repetitive enough with the same browser fingerprint coming through, I can probably correlate them both together by their netblocks, depending on who owned the block. So unless they plan on purchasing completely obsolete netblocks like say 198.81.129.0-255 then 198.83.0.0-255, then how do they expect to stay obscured from view? Keep in mind that there are hardly any complete netblocks to purchase in that fashion (class As close to impossible), so what are they really planning on doing?
Now if they partnered with ISPs to snag DHCP addresses not being used from a wide variety of places, say Earthlink here, MomandPopISP there, then it'd be a plus for them; however, simple traceroutes and block lookups can give you their information (who owns the block, etc.).
All it sounds like is a sort of DHCP-round-robin-routing setup, which is still not going to save them; if someone is really intent on getting access to their networks, they'd run out of address ranges before their scheme would work.
Now on the spook/snoop side of things... I say TMTOWTPGPSAM! (There's More Than One Way To PGP Sign A Message) to keep info from eyes other than the intended recipient.
Want Root?
--
When all you have is a hammer, everything looks like a skull.
--I assume full responsibility for my actions, except the ones that are someone else's fault.
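The correlation sketched in the post above, as an added example that is not from the post or from the Invicta product: a small Python script over constructed access-log lines (the sample lines, the four-field log format and all function names are assumptions) that groups hits by /24 netblock and User-Agent, chains hits only seconds apart into one session, and flags sessions that arrived from several addresses in the same block, which is exactly what a defender would look for to tell address hopping apart from unrelated visitors.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (not from the original post):
# ISO timestamp, client IP, requested URL, User-Agent.
SAMPLE_LOG = """\
2001-06-01T12:00:00 198.81.129.14 http://www.antioffline.com/cia-soviet/ Mozilla/4.0 (compatible; MSIE 5.5;Windows NT 5.0)
2001-06-01T12:00:01 198.81.129.193 http://www.antioffline.com/cia-soviet/ Mozilla/4.0 (compatible; MSIE 5.5;Windows NT 5.0)
2001-06-01T12:00:03 198.81.129.77 http://www.antioffline.com/cia-soviet/ Mozilla/4.0 (compatible; MSIE 5.5;Windows NT 5.0)
2001-06-01T12:00:02 203.0.113.5 http://www.antioffline.com/cia-soviet/ Mozilla/4.0 (compatible; MSIE 5.5;Windows NT 5.0)
2001-06-01T12:30:00 198.81.129.14 http://www.antioffline.com/ Lynx/2.8.3
"""

def parse_log(text):
    """Yield (timestamp, ip, url, user_agent) from the simple 4-field format above."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, url, ua = line.split(" ", 3)
        yield datetime.fromisoformat(ts), ipaddress.ip_address(ip), url, ua

def find_hopping_sessions(text, prefix_len=24, window=timedelta(seconds=5)):
    """Group hits by (netblock, User-Agent), chain hits closer than `window`
    into sessions, and report sessions that used more than one source address:
    the pattern of one client hopping inside a block rather than separate visitors."""
    groups = defaultdict(list)
    for ts, ip, url, ua in parse_log(text):
        block = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        groups[(str(block), ua)].append((ts, str(ip), url))
    sessions = []
    for (block, ua), hits in groups.items():
        hits.sort()                      # chronological order within the group
        current = [hits[0]]
        for hit in hits[1:] + [None]:    # None sentinel flushes the last session
            if hit is not None and hit[0] - current[-1][0] <= window:
                current.append(hit)
                continue
            ips = sorted({h[1] for h in current}, key=ipaddress.ip_address)
            if len(ips) > 1:             # several addresses, same block, same fingerprint
                sessions.append({"netblock": block, "user_agent": ua,
                                 "ips": ips, "hits": len(current)})
            if hit is not None:
                current = [hit]
    return sessions

if __name__ == "__main__":
    for s in find_hopping_sessions(SAMPLE_LOG):
        print(f"{s['netblock']} {s['user_agent']!r}: {s['hits']} hits from {s['ips']}")
```

Raising `prefix_len` to 32 makes every address its own block and the correlation disappears, which is the poster's point: the scheme only hides anything if the hops cross ownership boundaries, not just host bits.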
Maybe, but isn't this just a variant on 'security through obscurity'?
I'd have to say that this is a not-so-classic example, and in fact a neat idea, but when it comes down to it, it's still securing a system through making it difficult to find.
It's admittedly a neat technology, but is it really secure?
--CTH
--
--Got Lists? | Top 95 Star Wars Line
More like a moving target :)
Duck shoot ne1 :)
----- What's wrong with this picture? http://www.revoh.org:1234/whatswrong