On Fri, Aug 11, 2006 at 02:38:48PM +0100, Matthew Seaman wrote:
> 
> He's trying to prevent any possibility of information disclosure about
> his servers.  If I wanted to hack into his site, knowing what hosts he
> had running (ie. a bunch of live IP numbers) and what OS etc. each used
> would mean I'm already halfway to my goal.  Now, while the design of
> bsdstats does not disclose that sort of stuff readily, any security
> conscious admin is going to worry about that data being collected and
> held outside of his administrative control.  Having a completely
> anonymous and untraceable token to identify each of the hosts sending
> in information should make connecting the information back to the
> original sender practically impossible.

Yes, this kind of information leakage is particularly bad. Some script
kiddie with a given hammer can go in search of just the right nails, and
find them. If it's some work to extract info it's still worth it for a
tidy list of hosts with a high probability of vulnerability.

> Although, playing devil's advocate here, anyone that could steal the
> Apache log files from the bsdstats server would be able to work out
> that sort of data fairly readily.  I guess the truly paranoid should
> only submit their data via some sort of anonymizing proxy.

It's easier than stealing log files. Anyone with access to traffic
anywhere along the line can sniff this stuff without cracking into
anyone's box.

The suggestion to use a 128-bit random as an ID is a good one.
Further, the stats server should have a public key and data sent to it
should be encrypted. Or submissions could be over SSL.

-- 
Darrin Chandler            |  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
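
The two suggestions in the message above (a 128-bit random ID, and submissions over SSL) sketched as an added example; this is not code from the original post or from bsdstats. `TOKEN_FILE`, `STATS_URL`, the form field names and the use of `curl` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: anonymous 128-bit host token plus TLS-only submission.
# TOKEN_FILE and STATS_URL are assumed placeholders, not bsdstats settings.
TOKEN_FILE="${TOKEN_FILE:-/var/db/stats-token}"
STATS_URL="${STATS_URL:-https://stats.example.invalid/submit}"

# Read 16 bytes (128 bits) from the kernel RNG and hex-encode them.
# Nothing host-derived (hostname, IP, MAC, hostid) goes into the token.
new_token() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \t\n'
}

# Accept only exactly 32 lowercase hex digits.
valid_token() {
    [ "${#1}" -eq 32 ] || return 1
    case "$1" in
        *[!0123456789abcdef]*) return 1 ;;
    esac
    return 0
}

# Return the stored token, creating it once with owner-only permissions.
# A corrupt or truncated file is replaced instead of being submitted.
get_token() {
    if [ -r "$TOKEN_FILE" ]; then
        tok=$(cat "$TOKEN_FILE")
        if valid_token "$tok"; then
            printf '%s\n' "$tok"
            return 0
        fi
    fi
    tok=$(new_token)
    valid_token "$tok" || return 1
    rm -f "$TOKEN_FILE"
    ( umask 077 && printf '%s\n' "$tok" > "$TOKEN_FILE" ) || return 1
    printf '%s\n' "$tok"
}

# Send the report over HTTPS only: curl verifies the server certificate by
# default, and --proto '=https' makes it refuse a plaintext URL.
submit_report() {
    curl --fail --silent --proto '=https' \
        --data-urlencode "token=$(get_token)" \
        --data-urlencode "release=$(uname -r)" \
        --data-urlencode "arch=$(uname -m)" \
        "$STATS_URL"
}
```

The token hides which host a report belongs to only inside the payload; the collecting server and anyone on the path still see the source IP address of the connection.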