Seems like security through obscurity revamped. I agree that the DNS
servers would have a hard time keeping up and would imply also that the
s'kiddies launching these attacks are launching against specific IPs and
not resolvable domain names. Logic Breakdown #1. Paul is right on -
if a customer can connect, so can a hacker. If I start a SYN flood (or
whatever the DoS du jour is) to MyDomain.com then it doesn't matter what
the IP of that second is, something needs to provide a vehicle for the
legit customer to access that resource. My opinion, this is just some
'new technology' for the sake of having some new technology.
(Just my 1/6 peso)
Dean Michael Dorman
Network Administrator
-----Original Message-----
From: Paul Murphy [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 13, 2001 8:45 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Has anyone heard of this?
Sounds... nonsense.
If you have a service that the outside world needs to connect to, then
you have to provide a way for that to happen. A "hacker" can connect by
the same mechanism.
If this is intended to make snooping more difficult, which is implied by
the article, then so what really. Who sniffs anyway?
>>> "Eric Johnson" <[EMAIL PROTECTED]> 6/13/2001 11:43:03 am >>>
From <http://news.zdnet.co.uk/story/0,,s2087257,00.html>:
The new system can change the cyber-addresses
on a network faster than once a second, cloaking
them from all but authorized parties, said Victor
Sheymov -- founder, president, and chief executive
of Invicta Networks.
...
Standard approaches to computer security rely on
encryption, or data scrambling, plus devices such
as firewalls aimed at screening out abnormal traffic
patterns that look threatening.
But any network protected this way is a sitting duck
for a determined hacker, Invicta said. Instead, it
puts the network in cybermotion through a
continuous change of "Internet Protocol" addresses --
the chain of digits underlying the Web to route traffic
to its destination.
The Invicta system uses special cards to link
protected computers to a central control unit. It lets
clients decide how often they wish to vary IP addresses
and specify which applications may be accessed on
their network. The number of IP addresses drawn on may
be in the billions thanks to an artificial increase in
cyberspace, Sheymov said.
I've been pretty busy lately so this could have been discussed on
this mailing list and I could easily have missed it.
Anyway, changing IP addresses once a second would seem to
make it pretty tough for DNS servers to keep up. And even tougher
on maintaining a connection to the host.
Eric Johnson
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
------------------------------------------------------------------------
CRESTCo Ltd.
33 Cannon Street
London EC4M 5SB (UK)
+44 (020) 7849 0000    http://www.crestco.co.uk
The views expressed above are not necessarily those held by CRESTCo Limited.
------------------------------------------------------------------------