km@EMORY.ARPA.UUCP (02/15/87)
How difficult is it to do ethernet address impersonation without hardware (including eprom) modification in commonly available workstations? For example, we have: Sun 3's, Microvaxen, 3B2s, 3B1's, and IBM PCs with 3-COM cards. On which of these could the Super user (or any user on the PC) alter his ethernet address in software without taking the box apart?

I realize this is one tiny aspect of security, but it is one our administration has seized upon. It turns out our departmental ethernets are linked with filtered bridges, which have a naive filtering criterion. If they have ever seen an ethernet packet with a given source address on an ethernet, they will from then on pass all packets with that destination address across the bridge to that ethernet.
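The bridge behaviour Ken describes is a learning bridge: it records the segment on which each source address was last seen and forwards toward that segment. The following is an added example, not code from the thread or from any bridge vendor; the segment names, the addresses and the frames are all constructed. It simulates that forwarding rule and adds the one check a defender would want the bridge to keep: a log entry whenever an already-learned address shows up on a different segment, since that is exactly what a station using another host's address looks like from the bridge's point of view.

```python
"""Simulation of a naive learning bridge plus a MAC-move alert.
Added example; bridge, segment names and frames are constructed."""

from collections import namedtuple

# A frame as the bridge sees it: the segment it arrived on and the
# Ethernet source/destination addresses from its header.
Frame = namedtuple("Frame", "segment src dst")


class LearningBridge:
    """Forwards frames between segments by remembering, for every source
    address ever seen, the segment it was last seen on."""

    def __init__(self, segments):
        self.segments = list(segments)
        self.table = {}     # address -> segment it was learned on
        self.alerts = []    # (address, old_segment, new_segment)

    def handle(self, frame):
        """Learn from the source address, then decide where to forward.
        Returns the list of segments the frame is sent out on."""
        known = self.table.get(frame.src)
        if known is not None and known != frame.segment:
            # The naive bridge silently overwrites its table here. A
            # defender wants a record: an address that moves between
            # segments is either a physically moved host or a station
            # that has taken on another host's address.
            self.alerts.append((frame.src, known, frame.segment))
        self.table[frame.src] = frame.segment

        dst_segment = self.table.get(frame.dst)
        if dst_segment is None:
            # Unknown destination: flood to every other segment.
            return [s for s in self.segments if s != frame.segment]
        if dst_segment == frame.segment:
            # Destination is local to the arriving segment; nothing crosses.
            return []
        return [dst_segment]


# Constructed locally-administered addresses for the demonstration.
ADMIN_HOST = "02:00:00:00:aa:01"   # host on the administrative segment
ADMIN_PEER = "02:00:00:00:aa:02"   # second host on the administrative segment
LAB_HOST = "02:00:00:00:1a:01"     # host on the student lab segment
BROADCAST = "ff:ff:ff:ff:ff:ff"

SAMPLE_FRAMES = [
    Frame("admin", ADMIN_HOST, BROADCAST),   # admin host announces itself
    Frame("lab", LAB_HOST, ADMIN_HOST),      # lab host talks to the admin host
    Frame("lab", ADMIN_HOST, LAB_HOST),      # admin host's address seen on lab
    Frame("admin", ADMIN_PEER, ADMIN_HOST),  # admin traffic for the admin host
]


def run_demo(frames=SAMPLE_FRAMES):
    """Run the constructed frames through a two-segment bridge.
    Returns the bridge (table and alerts) and the forwarding decisions."""
    bridge = LearningBridge(["admin", "lab"])
    decisions = [bridge.handle(f) for f in frames]
    return bridge, decisions


if __name__ == "__main__":
    bridge, decisions = run_demo()
    for frame, out in zip(SAMPLE_FRAMES, decisions):
        print(frame.segment, frame.src, "->", frame.dst, "forwarded to", out)
    for addr, old, new in bridge.alerts:
        print("ALERT: %s learned on %s, now seen on %s" % (addr, old, new))
```

The third frame is the case the post worries about: after it, the bridge's table places the admin host on the lab segment, so the fourth frame, ordinary admin-segment traffic addressed to the admin host, is carried across the bridge into the lab. The alert list is the only trace the bridge itself keeps of that change, which is why a bridge that logs address moves is worth more than one that merely filters.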
BEAME@MCMASTER.BITNET.UUCP (02/16/87)
> How easy is it to impersonate another ethernet address on a ...
On an IBM-PC with 3-Com card, all one has to do to impersonate an ethernet
address is to output the desired address to an I/O port on the card and you
have become that address.
If you have Micro-Vaxen running VMS and NO other network activity is being
used such as DECNET, then with privilege you can become any ethernet address.
I wanted to say the following when the "security messages" were flying, but
I just didn't get around to it.
Well here goes: The only method of making ethernet "Semi-secure" is to encrypt
the data packets. But the question of what method of encryption is
appropriate and feasible seems to bog down the incorporation of encryption
into protocols like TCP/IP.
Why can't a range of encryption methods be used, from XOR's to DES, and
make an IP option which indicates the "highest level" that an
implementation supports? The option also could be used to indicate the desired
security level and the level that is obtainable with the current connection.
This way PC/IP's can implement low level encryption and still be
compatible with more sophisticated implementations.
Carl Beame
BEAME@MCMASTER.BITNET
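Carl's sketch has three fields: the highest level an implementation supports, the level it wants, and the level the connection actually obtains. The following is an added example of how such an option might be encoded and negotiated; it is not from the thread or from any standard. The option number, the level numbering (higher is stronger, as "highest level" implies), and the two hosts are all constructed for illustration.

```python
"""Toy encoding and negotiation of the proposed "security level" IP option.
Added example; option number, level numbering and hosts are constructed."""

import struct

# Level numbering is an assumption: higher means stronger.
LEVEL_NONE, LEVEL_XOR, LEVEL_DES = 0, 1, 2
LEVEL_NAMES = {LEVEL_NONE: "none", LEVEL_XOR: "xor", LEVEL_DES: "des"}

# Hypothetical option number chosen for this example only; real IP option
# numbers are assigned by IANA and none corresponds to this proposal.
OPT_SECLEVEL = 0x9C
OPT_LEN = 5   # type, length, highest, desired, obtained


def encode_option(highest, desired, obtained):
    """Serialize the three levels as an IP option: type, length, data."""
    for lvl in (highest, desired, obtained):
        if lvl not in LEVEL_NAMES:
            raise ValueError("unknown level %r" % (lvl,))
    return struct.pack("!BBBBB", OPT_SECLEVEL, OPT_LEN, highest, desired, obtained)


def decode_option(raw):
    """Parse the option back into (highest, desired, obtained).
    Anything that is not exactly this option with a sane length is rejected
    rather than guessed at."""
    if len(raw) != OPT_LEN:
        raise ValueError("bad option length %d" % len(raw))
    typ, length, highest, desired, obtained = struct.unpack("!BBBBB", raw)
    if typ != OPT_SECLEVEL or length != OPT_LEN:
        raise ValueError("not a security-level option")
    for lvl in (highest, desired, obtained):
        if lvl not in LEVEL_NAMES:
            raise ValueError("unknown level %d" % lvl)
    return highest, desired, obtained


def negotiate(local_highest, local_desired, peer_option):
    """Combine our capabilities with the peer's advertised option.
    Returns (obtained, ok). The obtainable level is the weaker of the two
    maxima; ok is False when that falls below what either side asked for,
    so the connection is refused instead of quietly running weaker."""
    peer_highest, peer_desired, _ = decode_option(peer_option)
    obtained = min(local_highest, peer_highest)
    ok = obtained >= max(local_desired, peer_desired)
    return obtained, ok


def demo():
    """Two constructed exchanges between a PC/IP host that only does XOR and
    a host that also does DES: once with both content with XOR, once with
    the DES-capable host insisting on DES."""
    # The PC advertises its option before any level has been obtained.
    pc_option = encode_option(LEVEL_XOR, LEVEL_XOR, LEVEL_NONE)
    relaxed = negotiate(LEVEL_DES, LEVEL_XOR, pc_option)   # (LEVEL_XOR, True)
    strict = negotiate(LEVEL_DES, LEVEL_DES, pc_option)    # (LEVEL_XOR, False)
    return relaxed, strict


if __name__ == "__main__":
    for label, (level, ok) in zip(("relaxed", "strict"), demo()):
        print(label, "->", LEVEL_NAMES[level], "accepted" if ok else "refused")
```

The "desired" field is what keeps the scheme from degrading to whatever the weakest party offers: a host that needs DES refuses a connection that can only reach XOR. Note that the option itself travels in the clear and unauthenticated, so a deployment would still need to confirm the agreed level once keys are in place rather than trusting the bytes of the option alone.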
WITLICKI@WILLIAMS.BITNET.UUCP (02/17/87)
>From: Ken Mandelberg <KM@EMORY.ARPA>
>Subject: Ethernet Security
>
> How difficult is it to do ethernet address impersonation without
> hardware (including eprom) modification in commonly available
>workstations? For example, we have: Sun 3's, Microvaxen, 3B2s,
>3B1's, and IBM PCs with 3-COM cards. On which of these could...
>
>I realize this is one tiny aspect of security, but it is one our
>administration has seized upon. It turns out our departmental
>ethernets are linked with filtered bridges, which have a naive...

Hardware ethernet addresses and university administrative worries are almost two separate issues. Perhaps M. Padlipsky can fill us in on the finer points of layering manners here..

The hardware (rom) says Boot Me Now, please... If I don't need to be booted off of your file server I may not need a special hardware address. Up a few layers you have Mail From: things flying around...

The filtering bridges are almost irrelevant. I can break into the wiring closet where the college president's phone line is, I may tap into the comm. link for your IBM mainframe which probably doesn't have link level encryption... but that takes involved intent and effort; I think you are asking - what about the hacker in a lab with a PC with an ethernet card?

Keep the academic (students) stuff *physically* separate from your sensitive data (i.e. administrative systems)

- randy
ROODE%BIONET@SUMEX-AIM.STANFORD.EDU.UUCP (02/19/87)
The Bridges aren't irrelevant to the extent that even as they may sound elegant in the sense of permitting geographical growth to occur transparently, they do so at the expense of the administrative controls normally associable with a physical ethernet (as few as those may be). If the gateways were of a less transparent variety, some additional protection against impersonation would be provided. If the gateways are sensitive to the identity of the sender of the packets they are routing, and you trust your gateways, you have some idea of at least the physical ethernet on which packets originate.
PADLIPSKY@A.ISI.EDU.UUCP (02/23/87)
Apologies for the delay; my linkage to the List has been temporarily broken (for about a month now) and it was only through the good offices of a colleague that I learned my expertise had been appealed for/to a week or so ago. By a happy coincidence, the extra time meant that I was able to confer with Jon Postel on the subtle technophilosophical questions posed (during the course of a conversation on a far less intriguing topic), so my response is actually even more profound than it might have been had it been more timely.

Of course, on the very first point we couldn't quite agree: I hold that Ethernet physical addresses must be somewhere between L 1.9 and L 2.1, whereas Jon says 1.7-2.7 (or was it .7-2.7?). We did agree that they can't be at -1 because that's where X.75 is, and I'm confident they can't be at 0 since whatever "Service Access Points" mean they don't seem to be any better equipped to deal with zero-indexing than any of us. (Probably a great deal less so, come to think of it.) I also believe Jon would agree that if Bob Metcalfe wanted to argue that in "the real Ethernet/XNS" they could also be viewed as being at L 3 we'd have to consider such a view favorably, even if it is rather meta-Physical. (Didn't mean to be overconstraining: Dave Boggs could also make the argument--even John Schoch, if I could remember how to spell his name.)

The even harder problem as to what layer university administrators' phobias belong in did get a joint resolution, however: 68i. (The analysis was too involved and esoteric to do justice to in this medium, unfortunately.)

Thanks for asking; it's always a pleasure to be of service. (Better CC: me directly for the time being if there's anything else you want to know: the linkage is still flakey and I won't even be pretending to glance at all msgs for some time [if ever].)

glossabuccal cheers, map