1996-08-14 - Re: [NOISE] Geek Apartments and Etherpunks

Header Data

From: Rabid Wombat <wombat@mcfeely.bsfs.org>
To: Rich Graves <rich@c2.org>
Message Hash: ddc7eaf72c5d518576b2db2dcb3665b8305b32c9114b18c5946897f006088699
Message ID: <Pine.BSF.3.91.960814043926.771A-100000@mcfeely.bsfs.org>
Reply To: <Pine.GUL.3.95.960813140118.5632A-100000@Networking.Stanford.EDU>
UTC Datetime: 1996-08-14 07:32:38 UTC
Raw Date: Wed, 14 Aug 1996 15:32:38 +0800

Raw message

From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Wed, 14 Aug 1996 15:32:38 +0800
To: Rich Graves <rich@c2.org>
Subject: Re: [NOISE] Geek Apartments and Etherpunks
In-Reply-To: <Pine.GUL.3.95.960813140118.5632A-100000@Networking.Stanford.EDU>
Message-ID: <Pine.BSF.3.91.960814043926.771A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 13 Aug 1996, Rich Graves wrote:

> On Tue, 13 Aug 1996, Ben Combee wrote:
> 
> 
> The "secure hubs" at GATech don't do encryption -- no way could that be done
> at wire speed. What they do is fill the data portion of the Ethernet packet
> with nulls. Everyone gets to see the source and destination MAC address and
> length of every packet, but only the recipient (or a very clever spoofer --
> most of the "secure hubs" on the market have a few vulnerabilities) gets
> the data.

What vulnerabilities? I've heard tell of some(?) that "leak" unscrambled 
packets if flooded with extreme traffic levels, but have never seen or 
verified this. Got any specifics?

> 
> If you run a packet sniffer, all you get are CRC errors (in order to
> maintain wire speed, the non-destination ports don't compute one). 
> 
> As far as real-world geek apartments go, I heard of one in Manhattan that
> worked exactly as described. I don't know whether they run "secure hubs."
> Presumably they would -- I can't think of a major manufacturer's manageable
> 10BaseT hub that lacks MAC address lockout features.

Most manufacturers offer SNMP-manageable hubs, but these don't offer 
MAC-layer security. That usually costs a lot extra. The MAC-layer feature 
is not widely used.

> 
> OTOH, I've heard tell that several of the residential coax experiments run
> promiscuously. Everything your neighbor does online, you can see with the
> right software.
> 

If it is Ethernet (or any baseband technology, AFAIK), and on coax, then 
of course it is "promiscuous." All devices must see the packet; they're 
on a bus. The 10T hubs also follow the "all devices must see the packet 
rule", but by design; a packet is received on the "recieve" pair of one 
port, and transmitted on the "xmit" pairs of all ports. The secure hubs 
overwrite the data payload with "junk" first - no encryption involved, 
nothing to crack, and, as you've pointed out, without recomputing CRC.

btw - if I were in an apartment environment, I'd want the "secure hubs",
and would verify that they're actually in the secure mode. They usually
have a "learning" mode, where they simply register the MAC address most
recently assigned to each port (sort of like learning bridges - this saves
a lot of manual entry). Of course, if left in this mode, they don't do a
thing for security. On the flip side, if sucured, and you change network
cards, or bring that laptop home from the office, etc. you won't be able
to use it without the intervention of the hub's administrator. 

And yes, packet sniffers are easy to get a hold of; freeware is abundant. 
Anyone can easily use one on a segment they've got access to.

- r.w.


> -rich
> 
> 





Thread