From: Rabid Wombat <wombat@mcfeely.bsfs.org>
To: Rich Graves <rich@c2.org>
Message Hash: ddc7eaf72c5d518576b2db2dcb3665b8305b32c9114b18c5946897f006088699
Message ID: <Pine.BSF.3.91.960814043926.771A-100000@mcfeely.bsfs.org>
Reply To: <Pine.GUL.3.95.960813140118.5632A-100000@Networking.Stanford.EDU>
UTC Datetime: 1996-08-14 07:32:38 UTC
Raw Date: Wed, 14 Aug 1996 15:32:38 +0800
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Wed, 14 Aug 1996 15:32:38 +0800
To: Rich Graves <rich@c2.org>
Subject: Re: [NOISE] Geek Apartments and Etherpunks
In-Reply-To: <Pine.GUL.3.95.960813140118.5632A-100000@Networking.Stanford.EDU>
Message-ID: <Pine.BSF.3.91.960814043926.771A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain
On Tue, 13 Aug 1996, Rich Graves wrote:
> On Tue, 13 Aug 1996, Ben Combee wrote:
>
>
> The "secure hubs" at GATech don't do encryption -- no way could that be done
> at wire speed. What they do is fill the data portion of the Ethernet packet
> with nulls. Everyone gets to see the source and destination MAC address and
> length of every packet, but only the recipient (or a very clever spoofer --
> most of the "secure hubs" on the market have a few vulnerabilities) gets
> the data.
What vulnerabilities? I've heard tell of some(?) that "leak" unscrambled
packets if flooded with extreme traffic levels, but have never seen or
verified this. Got any specifics?
>
> If you run a packet sniffer, all you get are CRC errors (in order to
> maintain wire speed, the non-destination ports don't compute one).
>
> As far as real-world geek apartments go, I heard of one in Manhattan that
> worked exactly as described. I don't know whether they run "secure hubs."
> Presumably they would -- I can't think of a major manufacturer's manageable
> 10BaseT hub that lacks MAC address lockout features.
Most manufacturers offer SNMP-manageable hubs, but these don't offer
MAC-layer security. That usually costs a lot extra. The MAC-layer feature
is not widely used.
>
> OTOH, I've heard tell that several of the residential coax experiments run
> promiscuously. Everything your neighbor does online, you can see with the
> right software.
>
If it is Ethernet (or any baseband technology, AFAIK), and on coax, then
of course it is "promiscuous." All devices must see the packet; they're
on a bus. The 10T hubs also follow the "all devices must see the packet
rule", but by design; a packet is received on the "recieve" pair of one
port, and transmitted on the "xmit" pairs of all ports. The secure hubs
overwrite the data payload with "junk" first - no encryption involved,
nothing to crack, and, as you've pointed out, without recomputing CRC.
btw - if I were in an apartment environment, I'd want the "secure hubs",
and would verify that they're actually in the secure mode. They usually
have a "learning" mode, where they simply register the MAC address most
recently assigned to each port (sort of like learning bridges - this saves
a lot of manual entry). Of course, if left in this mode, they don't do a
thing for security. On the flip side, if sucured, and you change network
cards, or bring that laptop home from the office, etc. you won't be able
to use it without the intervention of the hub's administrator.
And yes, packet sniffers are easy to get a hold of; freeware is abundant.
Anyone can easily use one on a segment they've got access to.
- r.w.
> -rich
>
>
Return to August 1996
Return to ““Yanni” <jon@aggroup.com>”