intrigeri:
>>> changing mac gets admin attention
>
>> Is this a realistic threat model?
>
> In a setup with a static list of allowed MAC addresses (e.g. a LAN
> with desktop computers that get fixed DHCP addresses in function of
> their MAC address, and where no other computers are supposed to be
> plugged in), any minimal log monitoring system will trigger an alarm.
>
> I don't think this is unrealistic in enterprise settings, even the
> combination of that setup + being able to boot from DVD/USB is
> probably not that common.
>
>>> admin looks for consistent mac
>
>> How realistic is this threat model? Someone sitting at a desk,
>> remembering users and watching their mac address on screen as they boot
>> up their notebook?
>
>> Wouldn't it be much more effective to look over their shoulder or to use
>> a miniature camera to spy on them?
>
> I've no strongly formed opinion on that specific point right now.
>
> However a good start to discuss it would be to avoid mixing "a network
> IDS automatically detects network configuration change events and
> raises alerts" with "a specific user is targeted by people who
> monitor his/her usage with spy gadgets". I think this only adds
> to confusion.
>
>>> admin looks out for unpopular vendor ids
>
>> Whenever this is realistic or does not have to be asked, since macchiato
>> will solve that.
>
> ... if, and only if, its lists grow substantially. Last time I've
> checked, they still looked dramatically small, and using them would
> probably offer attackers means to fingerprint Tails users that we'd
> rather avoid. I don't mean improving these lists is impossible, but
> I'm afraid we should not act as if it will come for free.

Good points!

> Any update on what steps are being taken to improve these lists?

No idea.

_______________________________________________
tails-dev mailing list
https://mailman.boum.org/listinfo/tails-dev
