On Tue, 24 Aug 2004 19:28:28 EDT, "Serge E. Hallyn" said:

> > What security purpose does it serve to hide the existence of a network
> > interface?
> >
> > I don't think this patch has much chance of upstream acceptance.
>
> Is this the generally accepted view? My hope was that the fact
> that these will not affect networking performance would make them
> more acceptable.

I think he meant that he didn't think it was going to fly, totally regardless of the performance issue, unless there was a clear-cut security advantage to being able to hide the existence of a network interface.

And actually, I'm having a hard time seeing what the win is either, given that there's a *lot* of information leakage issues. For instance, it's probably possible to intuit the IP address bound to the interface (which is probably more interesting than the mere existence of the interface in most cases) by looking at 'netstat -a' and/or 'netstat -r'. Similarly, the interface/IP may be mentioned elsewhere (think "Received:" headers on an e-mail).....

About the only case I can think of when the *interface* is of any real interest is if you wish to conceal the existence of an *unbound* interface that's running Kismet or a packet sniffer, and doing that on a system that has potentially hostile processes running on it seems dodgy at best....
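The leakage argument above (that the routing table and socket table, the data behind 'netstat -r' and 'netstat -a', reveal an interface and its address even when the interface list itself is filtered) can be checked mechanically. The script below is an added illustration written for this archive page, not code from the thread or from the patch under discussion. It parses the /proc/net/route and /proc/net/tcp formats from constructed sample text embedded inline (no real host is read), takes a set of interfaces a filter is assumed to leave visible, and reports every interface that still shows up through a route entry, together with any bound socket address that falls inside that interface's subnet. The function names and the sample addresses are assumptions chosen for the example; a reviewer of such a patch would use the same check to enumerate which other kernel interfaces would also have to be filtered for the hiding to mean anything.

```python
import ipaddress
import socket
import struct
from typing import Dict, List, Set

# Constructed sample in /proc/net/route format (not captured from a real host).
# Columns: Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
SAMPLE_ROUTE = """\
Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT
eth0\t00000000\t0101A8C0\t0003\t0\t0\t0\t00000000\t0\t0\t0
eth0\t0001A8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0
wlan1\t000A0A0A\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0
"""

# Constructed sample in /proc/net/tcp format, listening sockets only (abbreviated).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0F01A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234
   1: 050A0A0A:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1235
"""


def hex_to_ipv4(word: str) -> str:
    """/proc/net prints IPv4 addresses as the host-order 32-bit value in hex,
    which on little-endian machines reverses the byte order."""
    return socket.inet_ntoa(struct.pack("<I", int(word, 16)))


def routes_by_iface(route_text: str) -> Dict[str, List[ipaddress.IPv4Network]]:
    """Map each interface named in the routing table to its directly attached subnets."""
    table: Dict[str, List[ipaddress.IPv4Network]] = {}
    for line in route_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 8:
            continue
        iface, dest, mask = fields[0], fields[1], fields[7]
        if dest == "00000000":                         # default route: no subnet information
            continue
        net = ipaddress.ip_network(f"{hex_to_ipv4(dest)}/{hex_to_ipv4(mask)}", strict=False)
        table.setdefault(iface, []).append(net)
    return table


def bound_addresses(tcp_text: str) -> List[ipaddress.IPv4Address]:
    """Collect the non-wildcard local addresses of sockets listed in /proc/net/tcp."""
    addrs: List[ipaddress.IPv4Address] = []
    for line in tcp_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 2:
            continue
        addr_hex = fields[1].split(":")[0]
        if addr_hex == "00000000":                     # bound to INADDR_ANY: not attributable
            continue
        addrs.append(ipaddress.ip_address(hex_to_ipv4(addr_hex)))
    return addrs


def infer_hidden_interfaces(visible: Set[str], route_text: str, tcp_text: str) -> Dict[str, dict]:
    """Report interfaces absent from `visible` that the route and socket tables still expose.

    For each such interface: the subnets the routing table attributes to it, and
    any bound socket address that lies inside those subnets (i.e. the address the
    hidden interface is most likely configured with).
    """
    leaks: Dict[str, dict] = {}
    bound = bound_addresses(tcp_text)
    for iface, nets in routes_by_iface(route_text).items():
        if iface in visible:
            continue
        hits = sorted({str(a) for a in bound if any(a in n for n in nets)})
        leaks[iface] = {"networks": [str(n) for n in nets], "bound_addresses": hits}
    return leaks


if __name__ == "__main__":
    # Assume a filter that only lets processes see lo and eth0.
    for iface, info in infer_hidden_interfaces({"lo", "eth0"}, SAMPLE_ROUTE, SAMPLE_TCP).items():
        print(f"{iface}: still visible via routes {info['networks']}, "
              f"bound addresses {info['bound_addresses']}")
```

With the constructed samples, wlan1 is the interface the filter is supposed to hide, yet its 10.10.10.0/24 route and the socket bound to 10.10.10.5 remain in the two tables, which is exactly the 'netstat -r' / 'netstat -a' leak the message describes. Unbound interfaces (the Kismet case mentioned above) would have no route or socket entries and so would not appear in this output, which is the narrow case where filtering the interface list alone could hold up.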
This archive was generated by hypermail 2.1.3 : Wed Aug 25 2004 - 11:13:04 PDT