1996-08-14 - Re: [NOISE] Geek Apartments and Etherpunks

Header Data

From: Rich Graves <rich@c2.org>
To: cypherpunks@toad.com
Message Hash: 8a36c645e79fbc39539a8259b564d0df142396784ac025851d138210ab1eb223
Message ID: <Pine.GUL.3.95.960813221411.8341A-100000@Networking.Stanford.EDU>
Reply To: <Pine.BSF.3.91.960814043926.771A-100000@mcfeely.bsfs.org>
UTC Datetime: 1996-08-14 07:52:19 UTC
Raw Date: Wed, 14 Aug 1996 15:52:19 +0800

Raw message

From: Rich Graves <rich@c2.org>
Date: Wed, 14 Aug 1996 15:52:19 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Geek Apartments and Etherpunks
In-Reply-To: <Pine.BSF.3.91.960814043926.771A-100000@mcfeely.bsfs.org>
Message-ID: <Pine.GUL.3.95.960813221411.8341A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


[Any lingering cypherpunk-relevant curiosity should probably be directed to
http://cougar.haverford.edu/resnet96/repeaters.html ]

On Wed, 14 Aug 1996, Rabid Wombat wrote:
> On Tue, 13 Aug 1996, Rich Graves wrote:
> > On Tue, 13 Aug 1996, Ben Combee wrote:
> > 
> > The "secure hubs" at GATech don't do encryption -- no way could that be done
> > at wire speed. What they do is fill the data portion of the Ethernet packet
> > with nulls. Everyone gets to see the source and destination MAC address and
> > length of every packet, but only the recipient (or a very clever spoofer --
> > most of the "secure hubs" on the market have a few vulnerabilities) gets
> > the data.
> 
> What vulnerabilities? I've heard tell of some(?) that "leak" unscrambled 
> packets if flooded with extreme traffic levels, but have never seen or 
> verified this. Got any specifics?

Change your MAC address to be the same as the hub's. 3Com recently fixed
this. Others might not have. 

> > As far as real-world geek apartments go, I heard of one in Manhattan that
> > worked exactly as described. I don't know whether they run "secure hubs."
> > Presumably they would -- I can't think of a major manufacturer's manageable
> > 10BaseT hub that lacks MAC address lockout features.
> 
> Most manufacturers offer SNMP-manageable hubs, but these don't offer 
> MAC-layer security. That usually costs a lot extra. The MAC-layer feature 
> is not widely used.

That was true six months ago, but 3Com, Allied, Cabletron, Synoptics, HP,
UB, and others now include it as a matter of course. Asante is the notable
exception. There are some kooks out there, like the people at RIT, who think
that everyone needs switched ports; and a few cheapskates, like management
at a major university in the Palo Alto area, who stick with Asante because
it's cheapest, and trust students to be nice (or at least nice enough to get
caught). 

> btw - if I were in an apartment environment, I'd want the "secure hubs",
> and would verify that they're actually in the secure mode. They usually
> have a "learning" mode, where they simply register the MAC address most
> recently assigned to each port (sort of like learning bridges - this saves
> a lot of manual entry). Of course, if left in this mode, they don't do a
> thing for security.

Sure they do. You'd have a reasonable assurance that wherever you went,
you'd be the only one seeing your packets -- assuming the backbone is
secure, which you need to assume anyway if you're not doing packet, session,
or application-layer encryption (which is the ultimate goal). The roving
portable computer is a pretty common case nowadays. The only thing a static
table gets you is intruder control. 

-rich
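The hub behaviour the two posters are arguing about, as an added example that is not part of the original message: a small Python model of a "secure" repeater that nulls the data portion for every port except the registered recipient, with both the learning mode and the static table discussed above. The port-table semantics (last source MAC wins in learning mode; mismatched source dropped and logged in static mode) are assumptions for illustration, not any vendor's implementation.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class SecureHub:
    """Model of a 'secure' 10BaseT repeater. Every port sees every frame's
    source/destination MAC and its length; the data portion is replaced with
    nulls unless the port's registered MAC is the frame's destination.
    Port-table semantics are assumptions for illustration."""

    def __init__(self, n_ports, learning=True):
        self.learning = learning
        self.table = {p: None for p in range(n_ports)}  # port -> registered MAC
        self.log = []  # admin-visible events: (event, port, mac)

    def set_static(self, port, mac):
        """Pin a MAC to a port (static table, used when learning is off)."""
        self.table[port] = mac

    def forward(self, in_port, dst, src, payload):
        """Repeat one frame arriving on in_port.

        Returns {out_port: (dst, src, data)} where data is the real payload
        only on the recipient's port (or everywhere for broadcast) and nulls
        of the same length elsewhere; returns None if the frame was dropped."""
        if self.learning:
            # Learning mode: the port is bound to the last source MAC seen on it.
            self.table[in_port] = src
        elif self.table[in_port] != src:
            # Static table: a frame from an unregistered source is dropped and
            # logged. This is the "intruder control" a static table buys.
            self.log.append(("intruder", in_port, src))
            return None
        copies = {}
        for port, mac in self.table.items():
            if port == in_port:
                continue
            if dst == BROADCAST or mac == dst:
                copies[port] = (dst, src, payload)
            else:
                # Header and length still visible, payload scrambled to nulls.
                copies[port] = (dst, src, b"\x00" * len(payload))
        return copies
```

In learning mode a third port still sees source, destination and length of every frame but only nulls for the data, which is the "reasonable assurance" described above; only the static table additionally rejects a frame from an unregistered source.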
