Date: Fri, 11 Aug 2006 20:29:17 -0700 From: "Nikolas Britton" <nikolas.britton@gmail.com> To: "Matthew Seaman" <m.seaman@infracaninophile.co.uk> Cc: Paul Schmehl <pauls@utdallas.edu>, "Marc G. Fournier" <scrappy@freebsd.org>, freebsd-questions@freebsd.org Subject: Re: BSDstats Project v2.0 ... Message-ID: <ef10de9a0608112029s46dd1f78h56f45548e79061d0@mail.gmail.com> In-Reply-To: <44DC8868.4050009@infracaninophile.co.uk> References: <20060807003815.C7522@ganymede.hub.org> <20060809072313.GA19441@sysadm.stc> <20060809055245.J7522@ganymede.hub.org> <44D9F9C4.4050406@utdallas.edu> <20060809130354.U7522@ganymede.hub.org> <ef10de9a0608091700x6cc268ear6566c26f93f1fdf0@mail.gmail.com> <ef10de9a0608100327r5b402d64xc4eef38a4f61ba4e@mail.gmail.com> <ef10de9a0608110342q62f81fc8p5fb4b4df37595593@mail.gmail.com> <20060811100914.U7522@ganymede.hub.org> <44DC8868.4050009@infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On 8/11/06, Matthew Seaman <m.seaman@infracaninophile.co.uk> wrote: > Marc G. Fournier wrote: > > On Fri, 11 Aug 2006, Nikolas Britton wrote: > > > >> Ok... With my new script it took only 158 minutes to compute ALL > >> TCP/IP address hashes. I'll repeat that... I have an md5 hash for > >> every IP address in the world! All I need to do is grep your hash and > >> it will tell me your IP address. yippee! :-) > > > > Can someone please explain to me what exactly you are trying to secure > > against in this case? > > He's trying to prevent any possibility of information disclosure about > his servers. If I wanted to hack into his site, knowing what hosts he > had running (ie. a bunch of live IP numbers) and what OS etc. each used > would mean I'm already halfway to my goal. Now, while the design of > bsdstats does not disclose that sort of stuff readily, any security > conscious admin is going to worry about that data being collected and > held outside of his administrative control. Having a completely > anonymous and untraceable token to identify each of the hosts sending > in information should make connecting the information back to the > original sender practically impossible. > YES! what he said... I don't want ANYTHING to trace back to me or my systems. > Although, playing devil's advocate here, anyone that could steal the > Apache log files from the bsdstats server would be able to work out > that sort of data fairly readily. I guess the truly paranoid should > only submit their data via some sort of anonymizing proxy. > That's simple, don't keep the log files... * Can we trust Marc to delete them? * I thought this was going to be an official FreeBSD project hosted on freebsd.org? * Maybe we should get the OpenBSD people involved? Just thinking out loud :-/ -- BSD Podcasts @: http://bsdtalk.blogspot.com/ http://freebsdforall.blogspot.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ef10de9a0608112029s46dd1f78h56f45548e79061d0>