sniffer/promisc detector

• Previous message (by thread): sniffer/promisc detector
• Next message (by thread): sniffer/promisc detector
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In message <054c01c3df79$6049c4f0$6401a8c0 at alexh>, "Alexei Roudnev" writes:
>
>
>>
>> Uhm, that would be wrong.  This is simply "security through obscurity".
>Yes, it is wrong for the _smart books_. But it works in real life. Of
>course, it should not be the last line of defense; but it works as a first
>line very effectively.
>

Precisely.  Don't count on security through obscurity -- there are 
targeted attacks, if nothing else -- but *after* you've taken all due 
precautions against a knowledgeable adversary, throwing in some 
obscurity can help, too.   (Want a worked example?  Ask the NSA to 
publish the algorithm for one of their top secret encryption 
algorithms...)

But there's another major caveat:  this sort of obscurity doesn't scale 
very well.  It's fine to put ssh on another port if you have a 
relatively small community of reasonably sophisticated users who can 
cope, or if you can hand out canned configurations to less 
sophisticated users.  But you couldn't easily put SMTP elsewhere, or no 
one could find you.  You'd also have support problems with your user 
base if you tried doing that as an anti-relay technique.

Obscurity works in small, closed communities.  Beyond that, operational 
considerations can kill you.

		--Steve Bellovin, http://www.research.att.com/~smb

• Previous message (by thread): sniffer/promisc detector
• Next message (by thread): sniffer/promisc detector
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]