From owner-freebsd-questions@FreeBSD.ORG  Fri Aug 11 13:39:37 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C83DB16A4DA;
	Fri, 11 Aug 2006 13:39:37 +0000 (UTC)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from smtp.infracaninophile.co.uk (ns0.infracaninophile.co.uk
	[81.187.76.162])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4468043D8C;
	Fri, 11 Aug 2006 13:39:20 +0000 (GMT)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from [IPv6:::1] (localhost [IPv6:::1])
	by smtp.infracaninophile.co.uk (8.13.6/8.13.6) with ESMTP id
	k7BDct5M086008; Fri, 11 Aug 2006 14:38:55 +0100 (BST)
	(envelope-from m.seaman@infracaninophile.co.uk)
Authentication-Results: smtp.infracaninophile.co.uk
	from=m.seaman@infracaninophile.co.uk; sender-id=softfail;
	spf=softfail
X-SenderID: Sendmail Sender-ID Filter v0.2.14 smtp.infracaninophile.co.uk
	k7BDct5M086008
Message-ID: <44DC8868.4050009@infracaninophile.co.uk>
Date: Fri, 11 Aug 2006 14:38:48 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Organization: Infracaninophile
User-Agent: Thunderbird 1.5.0.5 (X11/20060801)
MIME-Version: 1.0
To: "Marc G. Fournier" <scrappy@freebsd.org>
References: <20060807003815.C7522@ganymede.hub.org>	<20060808201359.S7522@ganymede.hub.org>	<44D91F02.90107@mawer.org>
	<20060808212719.L7522@ganymede.hub.org>
	<20060809072313.GA19441@sysadm.stc>	<20060809055245.J7522@ganymede.hub.org>	<44D9F9C4.4050406@utdallas.edu>
	<20060809130354.U7522@ganymede.hub.org>	<ef10de9a0608091700x6cc268ear6566c26f93f1fdf0@mail.gmail.com>
	<ef10de9a0608100327r5b402d64xc4eef38a4f61ba4e@mail.gmail.com>	<ef10de9a0608110342q62f81fc8p5fb4b4df37595593@mail.gmail.com>
	<20060811100914.U7522@ganymede.hub.org>
In-Reply-To: <20060811100914.U7522@ganymede.hub.org>
X-Enigmail-Version: 0.94.0.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature";
	boundary="------------enig913D2BAFC5050DCAD56A63D0"
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0.2
	(smtp.infracaninophile.co.uk [IPv6:::1]);
	Fri, 11 Aug 2006 14:39:16 +0100 (BST)
X-Virus-Scanned: ClamAV 0.88.4/1646/Fri Aug 11 10:51:17 2006 on
	happy-idiot-talk.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00,
	DKIM_POLICY_TESTING,NO_RELAYS autolearn=ham version=3.1.4
X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on 
	happy-idiot-talk.infracaninophile.co.uk
Cc: Paul Schmehl <pauls@utdallas.edu>,
	Nikolas Britton <nikolas.britton@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: BSDstats Project v2.0 ...
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Aug 2006 13:39:38 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig913D2BAFC5050DCAD56A63D0
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: quoted-printable

Marc G. Fournier wrote:
> On Fri, 11 Aug 2006, Nikolas Britton wrote:
>=20
>> Ok... With my new script it took only 158 minutes to compute ALL
>> TCP/IP address hashes. I'll repeat that... I have an md5 hash for
>> every IP address in the world! All I need to do is grep your hash and
>> it will tell me your IP address. yippee! :-)
>=20
> Can someone please explain to me what exactly you are trying to secure
> against in this case?

He's trying to prevent any possibility of information disclosure about
his servers.  If I wanted to hack into his site, knowing what hosts he
had running (ie. a bunch of live IP numbers) and what OS etc. each used
would mean I'm already halfway to my goal.  Now, while the design of
bsdstats does not disclose that sort of stuff readily, any security
conscious admin is going to worry about that data being collected and
held outside of his administrative control.  Having a completely
anonymous and untraceable token to identify each of the hosts sending
in information should make connecting the information back to the
original sender practically impossible.

Although, playing devil's advocate here, anyone that could steal the
Apache log files from the bsdstats server would be able to work out
that sort of data fairly readily.  I guess the truly paranoid should
only submit their data via some sort of anonymizing proxy.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW


--------------enig913D2BAFC5050DCAD56A63D0
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE3Ihv8Mjk52CukIwRCGPlAJ45LJoy6AlwaU9criHmaOo2s49/fwCgj2VT
E320fI5C0pmg5lanp7xzlwA=
=1ebx
-----END PGP SIGNATURE-----

--------------enig913D2BAFC5050DCAD56A63D0--