From: Jonathan Horne
To: freebsd-questions@freebsd.org
Date: Sat, 12 Aug 2006 01:56:48 -0500
Subject: Re: BSDstats Project v2.0 ...
Message-Id: <200608120156.48858.freebsd@dfwlp.com>

On Friday 11 August 2006 22:29, Nikolas Britton wrote:
> On 8/11/06, Matthew Seaman wrote:
> > Marc G. Fournier wrote:
> > > On Fri, 11 Aug 2006, Nikolas Britton wrote:
> > >> Ok... With my new script it took only 158 minutes to compute ALL
> > >> TCP/IP address hashes. I'll repeat that... I have an md5 hash for
> > >> every IP address in the world!
> > >> All I need to do is grep your hash and
> > >> it will tell me your IP address. yippee! :-)
> > >
> > > Can someone please explain to me what exactly you are trying to secure
> > > against in this case?
> >
> > He's trying to prevent any possibility of information disclosure about
> > his servers. If I wanted to hack into his site, knowing what hosts he
> > had running (ie. a bunch of live IP numbers) and what OS etc. each used
> > would mean I'm already halfway to my goal. Now, while the design of
> > bsdstats does not disclose that sort of stuff readily, any security
> > conscious admin is going to worry about that data being collected and
> > held outside of his administrative control. Having a completely
> > anonymous and untraceable token to identify each of the hosts sending
> > in information should make connecting the information back to the
> > original sender practically impossible.
>
> YES! what he said... I don't want ANYTHING to trace back to me or my
> systems.
>
> > Although, playing devil's advocate here, anyone that could steal the
> > Apache log files from the bsdstats server would be able to work out
> > that sort of data fairly readily. I guess the truly paranoid should
> > only submit their data via some sort of anonymizing proxy.
>
> That's simple, don't keep the log files...
>
> * Can we trust Marc to delete them?
> * I thought this was going to be an official FreeBSD project hosted on
>   freebsd.org?
> * Maybe we should get the OpenBSD people involved?
>
> Just thinking out loud :-/

honestly, should said security conscious admins really be participating
'using his boss's servers' in this project? probably not.

even if all the security conscious admins out there decline to have all
their datacenters participate in bsdstats, I'm sure just the ones who
decide that the risk of sending the same info your browser does (plus a bit
more if you choose and deliberately enable) is appropriate for them are
still going to give one hell of a great demographic report to bsdstats.

2 cents,
jonathan
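
The point debated in the quoted thread, as an added example that is not part of the original message or of the bsdstats code: an identifier computed as an unsalted hash of the host's IP address can be mapped back by table lookup, while a token generated randomly on the host cannot. Assumptions: the hash input is the dotted-quad string, and the /16 range and host address below are constructed test values.

```python
import hashlib
import ipaddress
import secrets


def ip_token(ip: str) -> str:
    """Host identifier derived only from the address (assumed: MD5 of the dotted quad)."""
    return hashlib.md5(ip.encode("ascii")).hexdigest()


def build_table(cidr: str) -> dict:
    """Map MD5(address) back to the address for every address in a network."""
    return {ip_token(str(ip)): str(ip) for ip in ipaddress.ip_network(cidr)}


def random_token() -> str:
    """Identifier generated once on the host and kept locally; contains no address bits."""
    return secrets.token_hex(16)


def demo():
    cidr = "10.20.0.0/16"  # constructed private range, 65536 addresses
    host = "10.20.31.7"    # constructed host address inside that range
    table = build_table(cidr)
    # The whole IPv4 space is only 2**32 inputs; the thread reports 158 minutes
    # to hash all of it, so the same lookup scales to any address.
    from_hash = table.get(ip_token(host))   # address recovered from the hash
    from_random = table.get(random_token()) # no entry: token is unrelated to the IP
    return from_hash, from_random, len(table)


if __name__ == "__main__":
    recovered, unrelated, size = demo()
    print(f"table entries:            {size}")
    print(f"hashed-IP token maps to:  {recovered}")
    print(f"random token maps to:     {unrelated}")
```

A random token only addresses the identifier itself; the submitting address still appears in the collector's web server logs, which is the concern raised in the quoted reply about the Apache log files.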