Date: Tue, 07 Sep 1999 19:19:14 -0700
To: dmp@aracnet.com, ks@itp.ac.ru
From: The Mad Scientist
Subject: Re: Layer 2 ethernet encryption?
Cc: freebsd-security@FreeBSD.ORG

At 12:20 AM 9/7/99 -0700, dmp@aracnet.com wrote:
>"Sergey S. Kosyakov" wrote:
>> On 07-Sep-99 dmp@aracnet.com wrote:
>>> "Sergey S. Kosyakov" wrote:
>>>> On 07-Sep-99 dmp@aracnet.com wrote:
>I have two problems. The first is that EM emissions on UTP allow
>one to monitor all traffic on that cable. The second is that a
>sniffer run on an authorized machine will be able to see the source
>and destination IP and port of all IP traffic on its segment.
>
>I want to fix both problems. Encrypting everything above layer 2
>does this. The only determinable aspects of the packets would be
>the source and destination MAC addresses, relatively sufficient
>security given the security policy and topology of the network in
>question.

I do not claim to understand driver writing, but what about ripping out
the code that puts the NIC into promiscuous mode? You would have to
modify the code that allows the driver to change its MAC address, probably.
But if you have good network monitors, you should be able to detect a
machine that is pretending to be someone else pretty quickly.

It's not encryption, but if you're blind, you can't read the written word.
It doesn't solve your EM problems either.

'Course, I guess any user with half a brain could go out and get the
original driver and put it in place -- this being an open source solution.
So, I guess it's not such a good idea after all. I'll send this anyway, in
case it starts people thinking. Please redirect flames to /dev/null.

Dean
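
The monitoring idea raised in the message above (noticing a machine that is pretending to be someone else), as an added example that is not part of the original post: an arpwatch-style check over observed IP/MAC pairs. The observation format, the `detect` function and every address in the sample are constructed assumptions.

```python
# Added example: flag an IP address whose Ethernet address changes, and
# the "flip-flop" pattern where two stations alternately answer for it.
# Input format and all addresses are constructed for illustration.

# Constructed sample: (unix_time, ip, mac) as seen in ARP traffic on one segment.
SAMPLE = [
    (100, "10.0.0.5", "02:00:00:00:00:05"),
    (110, "10.0.0.9", "02:00:00:00:00:09"),
    (160, "10.0.0.5", "02:00:00:00:00:05"),
    (200, "10.0.0.5", "02:00:00:00:00:09"),  # .9's NIC now answers for .5
    (205, "10.0.0.5", "02:00:00:00:00:05"),  # real owner answers again
    (400, "10.0.0.7", "02:00:00:00:00:07"),
]


def detect(observations, flip_window=60):
    """Return alerts as (time, kind, ip, old_mac, new_mac) tuples."""
    current = {}    # ip -> (mac, time the binding last changed)
    previous = {}   # ip -> mac held just before the current one
    alerts = []
    for ts, ip, mac in sorted(observations):
        mac = mac.lower()
        if ip not in current:
            current[ip] = (mac, ts)          # first sighting: learn it
            continue
        old, changed_at = current[ip]
        if old == mac:
            continue                         # binding unchanged
        # The IP went back to the MAC it held before, soon after changing:
        # two stations are claiming the same address at once.
        if previous.get(ip) == mac and ts - changed_at <= flip_window:
            kind = "flip-flop"
        else:
            kind = "changed-mac"
        alerts.append((ts, kind, ip, old, mac))
        previous[ip] = old
        current[ip] = (mac, ts)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(*alert)
```

A lone "changed-mac" can be a replaced NIC; a "flip-flop" within the window means two stations are answering for the same address and is the case to investigate.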