Forgot your password?
typodupeerror
The Internet

Security Through Varying IPs 127

Posted by CmdrTaco
from the well-it-could-work dept.
alanjstr writes "Reuters is reporting that an ex-CIA director and ex-KGB man have come together and developed a new way of 'hiding' internet communications. It does this by IP hopping: 'The Invicta system uses special cards to link protected computers to a central control unit. It lets clients decide how often they wish to vary IP addresses and specify which applications may be accessed on their network.'" I've always wondered if there could be a way through software to do this. Of course, a centralized server would need to route which would be a major bandwidth bottleneck.
This discussion has been archived. No new comments can be posted.

Security Through Varying IPs

Comments Filter:
  • Iridium did not fail from mere financial woes. It was KILLED.

    Satellite phones are the ultimate stealth device. The best they could do is trace you to the western hemisphere. Iridium didn't fail. It was killed by a collusion of law-enforcement agencies and world govt's that still have monopolies on their telcos. They saw Iridium as an "illegal circunvention device" to get around local monopolies. And law enforcement saw the potential for hiding from any trace.

  • it's called a "Dial-up account", and I've been using it's security feature of random IP addresses (aka "dynamic" IP) for years. News sure travels slowly huh
  • But the GOOD traffic can find them? How the hell does this thing know the difference?

    As someone else kindly pointed out, this is the same as frequency hopping in radio communications. You change frequency so often that an observing third party can't pick out the whole conversation. In fact (in the radio world), your communications pretty much just look like noise. This requires a fast processor, though, to implement properly.

    Now, I admit, I haven't read the article, so this is a mostly uninformed point of view. However, if they plan to implement it anything like frequency hopping, I'm betting that the idea here is that this is for communication between two hosts that are aware of each other. They agree upon some IP hopping pattern at the beginning of the communication or even before the communication begins or figure out what the pattern is based on some set of acceptable patterns or, well, you get the idea. From that point on, the receiver listens for communications at the IPs that fall in the agreed-upon pattern. Whala, you are suddenly able to pick out the GOOD traffic. In order for it to be really secure, you need to be using IP hopping in both directions.



  • It works either way.
  • ZKS's Freedom [fredom.net] is SOOOOO much better than this product it's rediculous. This is so far from revolutionary I doubt serious security people will pay much attention to it.
  • Ugh.. sorry for the typeoh... It's Freedom [freedom.net].
  • by jd (1658)
    Been there, done that, downloaded the kernel t-patch. :)
  • This is something that's been done for a while by gov't orgs. If your one of the primary objectives is security , something like this is developed "in-house" because they were creating a unique security measures. They can afford a boatload of IPs. This is not to be confused with security through obfuscation - the specifications of how this has being done has been kept secret since it is something intended for internal use. If everybody knows how this is handled (special routing, etc.) then it makes it easier to poke holes in the open protocol. This is one of the occasions where I would support a closed specification (I'm usually in favor of open standards).
  • ahh, another failure of mine to proofread, excuse the poor grammar:

    the specifications of how this has being done
    should be
    the specifications for how this has been done

    It's tough writing comments on the run!
  • Nah, that was a company called "invita" that was actually a company in washington state pretending along with the FBI.
  • A company I used to work for had a similar technology to prevent people from dialing into their servers. You would get a card that had an LCD and every few minutes the code would change. When you logged into the ppp server you had to provide the proper code to log in. It was a pain to carry this thing around with you but it worked.

    Even though this technology is a bit different I don't see it being that great for security. Inside a corporate network this would be fine but on the internet this would be useless.

    - If my IP address rotated all of the time how do my packets get back to me?
    - Do these guys have to be my ISP? Wouldn't that mean that they would act as a firewall/router to the outside world?

    I think I'll stick with encryption.
  • Nah,

    It was a small hydro company. At least someone there was a little pro-active about security.
  • Second, don't the packets contain things like the MAC address of the ethernet card?

    Yes, but this changes with every hop of the packet. The initial MAC ID is from your computer, and is the MAC ID of your NIC.

    Once this packet hits the first router, it forwards the packet and it now contains the MAC ID of the router's NIC.

    The only time tracking MAC IDs is usefull is if you are on a broadcast LAN, like ethernet w/ dumb hubs, and you can sniff traffic. Otherwise, its all the routers/switches MACs...
  • I think it's more like iptables -t nat -A POSTROUTING -s internalnet -j SNAT --to 10.1.1.1-10.1.1.254. Whoopie. My firewall has been doing that since I stuck iptables on it. I wouldn't think that it'd take much to randomly select a source IP instead of the current sequential selection...
  • How am I supposed to use IP based authentication on a moving target user? It's hard enough authenticating PPP(oE)/dhcp users. hosts.allow would have to become a process to let legitimate users in, and as such, security is weakened. What if the process freaks out, segfaults, zombies.....what about IP spoofing as eggshell code?

    Do I have to prompt for a kerberos session every time the IP changes during a session? How easy would it be to hijack the session by fooling the stack into thinking that it legitimately changed to the attacker's IP? How easy would it be to DoS via spoofing parts of the protocol?

    Frequency hopping radios are nifty, but we're not talking about beaming light. IP is much more complicated, and has more weak points.
  • We already have an IP shortage! what if everyone started hopping IP's?

    havn't they ever heard of encryption?

    sheesh
  • and the article was really light on details, but there are alot of better ways to be secure.
  • ..someone at the US Patent Office is on the ball about the capabilities of DHCP when/if they apply to patent this.

    Whilst it is impractical/ impossible to lease IP addresses through DHCP multiple times per minute, it does sound as though it is a sort of faster DHCP.

    I believe cable companies advertise the fact they use DHCP as a means of protecting the user from attacks in just this manner; of course the other reason is they don't want any pesky 'ol servers set up on their network....
  • ..then IPv6 will need to the defacto IP standard sooner rather than later! Maybe its a cunning ploy to get everyone to upgrade!
  • Or frequency hopping. Indeed, I don't see why you need a "special card" or a central server, so long as the machines involved can agree on an IP sequence and the timing.

    If you wanted to get fancy you could simultaneously assign several IPs and spread the packets amongst them (as well as periodically changing the IPs), to really confuse someone doing traffic analysis.
  • Ahh, the joys of frequency-hop radios.

    I've been trained on the SINCGARS model radio in the Army. It can jump between 100 frequencies per second and you can supposedly still make out what is being said , even if 30% of the hopset is being jammed.
  • Obscurity is only bad when it's the sole basis of your security measures. It is still an important part of any security system.

    This is not about securing a system, it's about making it harder to find, period, as you said.

  • This doesn't seem to be the "incredible intellectual achievement" claimed in the article. Most modern radio-based communications do the exact same thing in the form of frequency hopping. And those system don't require a central host to mediate (although they don't have to worry about routing tables, which leads to . . .)

    From the 'gotcha' front, I wonder how they addressed the problem allowable IP addresses to jump between. I would think you would always be limited to the subdomain routed by the host you connect to. If you are connecting from and to huge domains, it's not as bad, but if there is very little traffic in or out, it would be easy to reassemble your session simply by ignoring the IPs and capturing everything. Either way, you are relying on obscurity to provide security.

    Although I wouldn't call it a bad idea, I don't think this qualifies as a good one.

    -Trevor
  • This link [commoncriteria.org] is for a blurb about how Robert Hanssen (the recently accused spy) wanted to work at Invicta when he retired.

    Invicta doesn't appear to have a website. Maybe because they don't have an IP address for search engines to crawl? How would that work, anyway? If it switches addresses all the time, how do you keep a connection open?

  • I suppose windows is capable of releasing an ip and getting a new one... ideas?

    Yep, get Windows 2000. It can change IP's, DNS servers, and more without rebooting.
  • If I understand IP well enough. All they seem to do is spoof to another IP every 0.x seconds. Hence probably the billions of IP addresses too.

    Maybe they have a lot of destination addresses too, but somewhere, somehow this has to be routed to the receiving end. Of course, it could be the central server, but then that would be nothing but a router.

    Of course, one could also split an encrypted file/text in blocks, and send those in a particular order to/from a number of IP addresses. Kind of like a key. But that would be a pointless excercise: from 8ip's to 8 ip's would be equivalent to 6 bits extra keyspace (2^6 possibilities). It would just be just a little harder to get all of the traffic.


    ----------------------------------------------
  • Why not just use MultiProxy [multiproxy.org]? You set it up as a proxy, and it connects and routes your TCP/IP traffic through other publicly available proxies on the 'net. You can have it cycle through (non)anonymous proxies at specified intervals, or for every connection. This is essentially the same idea, but without a centralized server. Right? Or am I way off? BTW, this program is great for circumventing blocked AIM or ICQ ports if you're behind a transparent firewall.
  • That's not how IPv6 is allocated. Check out RFC1884. First off, provider-based addresses only have 1/8 of the total address space (that's you, me and Slashdot). What's worse is much of that (45 bits) is allocated to service provider identification.

    You'll basically have an SLA ID (Site-Level Aggregation Identifier) of 16 bits and an Interface ID of 64 bits. How can any company need more than this? Well, for starters, every company I know of over 1000 employees has many service providers for different divisions, acquired companies, failover, etc. Since those high 48 bits are used to identify unicast addressing and an ISP, you will have to have multiple SLA ID blocks....

    When I posted, I thought the Interface ID was only 32 bits, so this is a much better situation. Certainly in a world where people allocate addresses as efficiently as we did in the early days of IPv4, we need not worry.

    I give IPv6 unicast address space 10 years (5 more than my previous estimate) before we run out, and have to start chopping up the IPX space to give out....

  • Well, first of all, this isn't really a "conservative" example. You assigned 1 billion IP addresses to that?
    No, my example was conservative because I know companies would be more wasteful with their allocation than I was estimating.

    The number was not 1 billion in the article, it was "billions", so your comment, "Now as we all know, 32 bits is roughly 1 billion ... well, at least you said it is ... (32 bits is roughly 4 billion just in case you can't do the math which is what you're assuming people at Slashdot can't do)," was just a hair off the mark. I also pointed out that most businesses will "round up to the nearest oscene order of magnitude."
    So we have 2^86 worth of companies that can exist with a 2^42 IPv6 addresses.
    Go read the RFCs I think you'll be disapointed. First, I was wrong. The company allocation is 64 bits for Interface ID, not 32. Then there's the 16 bits of Site ID. But that's it. You get no more playground. The rest is allocated to address type id (3 bits) and ISP (45)

    No, the space given to companies is very generous (vastly moreso than with v4) but if companies start planning based on using 32 bits per unique device, we won't last very long....

  • Last reply. This is beginning to look like I've been succesfully trolled.
    I was quoting YOUR statement not the article [...]
    round up the the nearest obscene order of magnitude ... a billion addresses per application is roughly 32 bits.
    Yep. In what way does 1 billion (10^9), "rounded up to the nearest obscene order of magnitude" not equal 32 bits in the context of IP addresses? In case you missed what I was trying to get at, most businesses will not subnet those last 2 bits, they'll just throw them into the mix for good measure ("added security";)
    I read the RFCs
    Then why did you cite 96 bits of remaining IPv6 address space?
    I love people that just start throwing numbers out there and say "See? Your'd doomed! We're all doomed! Don't believe me? Well, you're obviously stupid and can't do the math than"
    Ok, I'll say it slowly for those in the cheap seats.

    Assertion of fact 1: There are 64+16 bits of address available per ISP customer entity in IPv6. How the first 16 are managed is still slightly up in the air, and may not be available to the customer to directly manipulate.

    Assertion of fact 2: The article suggested that using "billions" of IP addresses per device would soon be reasonable. Because of "increases in cyberspace".

    Assertion of fact 3: Most medium-to-large companies will (conservatively) use 8-16 bits on subnetting, regardless of their actual need. How do I know this? Every such company I've interacted with ALREADY uses that much space in private addressing, and every one of them that I've spoken to plans to allocate IPv6 space to all of their private addresses, even if they're non-routable. This fact is based on the speculation that they will follow through with their plans, and that I've seen a representitive sample.

    Extrapolation/Speculation 1: If companies start thinking in terms of using 32 bits of address for a single device (64 TIMES the normal allocation per device), you'll start seeing more abuses balooning out from there (I cite a major backbone provider that currently uses two /16's for their backup networks that have handfulls of hosts among MANY other abuses as "prior art").

    Extrapolation/Speculation 2: Given about 16 bits of subnetting space left over for your average large company on day one and the above speculation, I expect that to get used up in about 5-10 years. Why? Well, for one 5-10 years is the span of time that it took to go from "class B addresses are being restricted" to "we're breaking up class As to avoid an IP address crisis" in the 32-bit address space. Also, in the next 5-10 years, I expect to see 1) every household in the US and other major nations become IPv6 address space consumers 2) easily an order of magnitude more multi-home companies 3) massive need for routable IPs in pupblic places on wireless LANs. Take the coffee shop in Mountain View (Dana St Roasting Company) as an example. Such a place will need to allocate 128 IPs even if their peak crowd of 128 users all have IPs in every other public place that they use the network.

    5 years was never a hard number in my original message, and when I found out that the allocation was 64 not 32 bits per customer, I backed off to "5-10" years, but there's no argument that before that article showed up 128-bit addresses seemed like a whole hell of a lot more network, and the end of IPv6 address space may have just become visible on the horizon....

    Then again, I thought that IPv4 addresses were too limited back in '89 and admitted that I was wrong in '91.... It's a matter of perspective and experience that makes us able to critique the past so clearly; I doubt that all of what I've said here will be certain.
  • by ajs (35943) <ajsNO@SPAMajs.com> on Tuesday May 22, 2001 @02:07PM (#205026) Homepage Journal
    I hear the toll of the bell:
    Even if every company wanted a billion IP addresses, that wouldn't be a big deal in a 128bit address space
    I didn't think I'd have to do the math on /. , but here goes:

    Company X has 100 applications that require a VPN (say, 100 data feed vendors). So, they do the usual IP address math that big companies do (round up the the nearest obscene order of magnitude). So, a billion addresses per application is roughly 32 bits.

    Now, I need about 100 of those, but clearly growth is a concern, so let's say I need about 8 bits worth.

    Ok, so before that company even gets off the ground. Before they even start deploying IPv6 on their servers, desktops, etc. They're using 256 COMPANIES worth of standard IPv6 allocation. If every company does this (and of course, this is a conservative example), we're talking about a gold-rush on IPv6 addresses that would exaust the non-reserved addresses trivially in the first 5 years.

    Let's not be hasty, though, let's assume that we can multiplex these puppies. So, one device might be able to handle multiple servers and clients and rotate the IPs correctly using one IP space. Cool, so for each server-side device IBM buys, only one company's worth of v6 allocation need be used. That should give us another couple of years of life on the namespace.

    All things considered, this is a very bad idea. Rotating through 20 addresses to confuse the issue can add some difficulty for crackers, but using "billions" of addresses will add you to my "rude Internet citizens" list.
  • by ajs (35943) <ajsNO@SPAMajs.com> on Tuesday May 22, 2001 @12:06PM (#205027) Homepage Journal
    This sounds very suspcious to me.... Problems as I see it:
    1. Your clients must all use this technology. This is fine for building a VPN, but it does nothing for building services which must be announced to the public.
    2. The quote: "The number of IP addresses drawn on may be in the billions thanks to an artificial increase in cyberspace, Sheymov said," makes me wonder. Are they refering to IPv6 or to private addresses? If we're talking IPv6, then I'm very concerned because I don't want to see every company on the planet sucking up billions of addresses per application. That would make the increase to 128 bits pointless. If they're talking about private addresses, you still have to map to an external address at some point, and that's your weak link.
    3. Since when do we expect the former head of the CIA to sell security solutions without back doors?
    4. On the other hand, since when do we expect the former head of the CIA to have a technical clue when endorsing products?
    Color me skeptical....

  • Dunno how practical the IP hopping thing would turn out to be in practice, but it makes me wonder if a usable IP equivalent of the anonymous remailer system could be developed. (It would, of course, have to frequently switch paths, perhaps with every packet.)

    This would be less centralized and offer anonymity, in addition to making it hard to trace the connection.

  • yup..its a secureid hardware card. made by the ex RSA patent holders at RSA : http://rsa.com/products/securid/index.html
    bitch to set up but it works great specially with kerberos...and it works with unixes and mainframes too. had an old universe mainframe install running it once.
  • I hope this doesn't become too widely-used. Can you say routing nightmare?
    ------
  • Don't you mean http://www.freedom.net/ ?
  • With a large enough IP space, couldn't one imbed information in the source address of the packet?
  • Even if every company wanted a billion IP addresses, that wouldn't be a big deal in a 128bit address space ... but it would be very predictable. Because of the simpler routing in IPv6, there would be a way to tell which IP addresses belong to whom. So if you can eavesdrop on the network, you can sort out which packets are for the company you are spying on, and then all that's left to do is find out how many connections there were at the same time, and pick the data packets apart.
    I am not a security expert, but this idea doesn't strike me as very useful or secure. Maybe somebody with more knowledge of the Internet than talking about "cyber addresses" could add some ideas.

  • by Dr. Blue (63477) on Tuesday May 22, 2001 @12:16PM (#205034)
    Yeah, I can see how great this would work with Windows: "You have worked for 2 seconds so I am changing your IP address. Windows must be restarted in order for this change to take effect. Restart now?" :-)

  • by joq (63625) on Tuesday May 22, 2001 @12:18PM (#205035) Homepage Journal

    All this sounds like is a time based routing mechanism nothing more, and I don't really see how changing the IP address is going to save a misconfigured machine. For one, somewhere down the line the address is going to delegate out, so if say someone is browsing via 10.10.1.16 and they're browsing say something on my server and my logs show:

    198.81.129.14
    "http://www.antioffline.com/cia-soviet/" "Mozilla/4.0 (compatible; MSIE 5.5;Windows NT 5.0)"

    Then about one second later

    198.81.129.193 "http://www.antioffline.com/cia-soviet/" "Mozilla/4.0 (compatible; MSIE 5.5;Windows NT 5.0)"

    Now this is typically another visitor or whatever, but if the connections were so repetitive enough with the same browser fingerprint coming through I can probably correlate them both together by their netblocks depending on who owned the block. So unless they plan on purchasing completely obsolete netblocks like say 198.81.129.0-255 then 198.83.0.0.-255 than how do they expect to stay obscured from view? Keep in mind that there are hardly any complete netblocks to purchase in that fashion (class A s close to impossible), so what are they really planning on doing?

    Now if they partnered with ISP's to snag dhcp addresses not being used from a wide variety of places, say Earthlink here, MomandPopISP there, then it'd be a plus for them however simple traceroutes, and block lookups can give you their information. (who owns the block etc)

    All it sounds like is a sort of a dhcp-round-robbin-routing set up which is not going to save them still, if someone is really intent on getting access to their networks, they'd run out of address ranges before their scheme would work.

    Now on the spook/snoop side of things... I say TMTOWTPGPSAM! (There's More Than One Way To Sign PGP Sign A Message) to keep info from eyes other than the intended recipient.
  • Good question!..

    This isn't like hopping ports, which theoretically might be able to do the same thing.. You're hopping IP's which means that the DNS server needs to know where the hell you are. If the DNS server knows where you are, then what's stopping me from querying the DNS server to find you?? I like the idea of hopping ports every few seconds, and firing encrypted packets that contain the next port, or a random seed included with the original request that defines the jump sequence...

  • Look, you're connected to the internet, you only have one subnet, with X addresses. This company gives you a VPN service, with it's own set of addresses, probably all virtual. How does this differ from VPN and/or NAT? It's fluff... NAT is nice for getting devices to be able to see the internet, but it's not a replacement for security. VPN is a good idea, but only if there are no chinks anywhere in the armor. (Yes, running Microsoft code is a BIG chink)

    --Mike--

  • If you could encace one of the participants with boxes running snoot, you'd could eventually figure this thing out. Sounds like security through obscurity which we all know doesnt really work, especially if you're the CIA.
  • Sounds like a neat idea if it works but..

    Closed source network hardware + Promiscuity between security layers = Lower security

    So this is the latest "unbreakable" huh? I'm sure nobody at the NSA, CIA, or KGB wants to know what's in those networks too. Cute.

    How do you know this isn't just opening a big fat vpn tunnel right into your company so other people can look at your network? Cuts both ways.

    Oh, check out www.invicta.com -- Looks like they haven't bothered to buy up their domain for a whole year. That's confidence I suppose.. Guess there's no site to have taken down.

    Another story from a year ago here [inet-one.com].

    I haven't seen anything except untechnical fluff articles and only a couple over a year. The idea of a Russian guy calling his system Latin for "Unconquered" isn't slick, it's dumb. You just need someone at their physical location, something he should know about. What idiot will trust him to install the thing?
  • Sounds suspicious to me.... Depending on whether the "centralized" box is really a centralized box run by his company or only a centralized-per-customer firewall-like-thing, it could be a golden opportunity for wiretapping the paranoid, or it could be just watered-down explanations given to the non-technical press by the Corporate Speaker-To-Publicists.
  • True if you rely only on your machine to make the random numbers for you. That's why you need a bettor random source - atomic decay, radio from a distant star, etc..
  • The concept of frequency hopping [hedylamarr.at] was invented by Hedy Lamarr [hedylamarr.at] in the 1930's. It is currently being used in several countries as a secure way of sending military orders.

    The advantage of frequency hopping to IP hopping seems to be that it's (probably) harder to predict frequencies than it is to predict IP addresses. No doubt they will/have figure/d out how to allocate a large anough IP space to make a fairly secure transmission and how to sync the sender and receiver.

    (...and what to do about the unused IP's... hmmm... You only really need one big pool of IP addresses for a set of computers, don't you? Then it's just a matter of juggling the IP's around and make sure every computer in the set of computers know what IP they themselves and their respective communication partner at any moment have... The more computer that are communicationg over the pool of IP's, the more secure the channel is.)

    And now, let's all repeat the mantra of the day: Computers do what we tell them to do. Thus no computer system will ever be completely secure.

  • Sounds like obscurity to me.

    Also I doubt they'll be able to apply this to servers. All the crap I had to go through when my IP address changed - notifying all my clients, changing zone files, updating WHOIS info, ...

    Now imagine doing this every 5 minutes when your IP changes.

  • just use dyndns.org [dyndns.org] yourself!

  • Or charity work for unemployed Russian tech workers ...


  • If the sequence used by these cards is not completely random then observing the stream of packets from either of the two connected computers will allow one to extrapolate the formula used to sequence the address progress.

    If I have the formula I need only a small ordered list of the IP addresses being used and I can predict what the next IP address will be. With that, I am in the loop.

    This sounds like a glorified network card to me. This might confuse the kiddiez, but I suspect persons who use this company's products would be much better relying on very strong encryption and rigid security practices.


  • I remember reading a while back now a paper on sending encrypted communications to a system using the TCP sequence number. The idea being to spoof a packet to the system under the guise of something fairly innocuous but have the real payload be encrypted and sent in the TCP sequence number or one of the other lesser used fields of the TCP packet. As far as any monitoring entity is concerned, that's just random crap coming in on the network connection.
  • Essentially all the computers using this "card" to communicate with the world wild web rely on firmware to be up to date and invulnerable to attacks. Not only does the card become the firewall, controlling which network services are available, it also becomes the ultimate "sitting duck" described in the article. According to the article, each client can decide how often it's ip should change and which network services it will serve. It would follow that an attacker could compromise the card by masquerading as one of the clients and actually ghost the entire website.
  • Hmm. Wasn't Invita, just one letter off from Invicta, the name of the fake security company the FBI used to snag [slashdot.org] those Russian hackers not that long ago? Curious...


    ---

  • Are they trying to outdo one-click ordering?

    In order to route IPs on the Internet, route aggregation is required. An end host isn't going to be able to switch its address amongst many different network addresses, only to different IPs in a subnet. Given that someone who wants to compromise a machine has to have a way to find/connect to it first, it is trivial to relocate a machine. Also, see if ARIN wants to assign whole blocks of IPs for machines to hop around on.

    IPv6? Maybe that would make this slightly more useful. But if a machine is supposed to be accessible, you have to make it known where it is -- if it isn't accessible, then you SHOULD just put a firewall blocking all inbound traffic, and that's that.

    Another day, another "revolution". *sigh*
  • I imagine it's only good to confuse sniffers for a VPN type connection.

    something like this where two computers want to talk to eachother.

    comp1: hey comp2
    comp2: sup, here's my new ip
    comp1[new ip] i'm down, here's my public key, and my new ip
    comp2[new ip]: cool, here's my public key and my new ip
    comp1[new ip/encrypted] here's my new super secrect receipe for grits.

    something like that, which is bassicly a publickey/privatekey system with changing ip's. which i supose would help with man in the middle attacks.. maybe.

    -Jon
  • How is this different from police radios? They like to jump between frequencies, but I can walk into Radio Shack and get a scanner that'll receive them...
  • Good, now I can circumvent Slashdot's ultra-lame IP block when trolling AC without resorting to slow proxy servers. :-)

    --



  • This isn't the type of thing intended to protect someone running a web browser from being identified (as your example suggests). This sounds to me like an additional layer of protection. Right now, we've got encryption to protect TCP/IP communication from eavesdropping via packet sniffing. With the type of processing power in the hands of our nation's (the George W. 'led' country) spy organizations as well as foreign powers, there's nothing to really confirm that your 4086 bit encrypted messages aren't being decoded in the 8th level of a building's basement somewhere. And that's by contemporary technology standards. For real spy organizations, it's often essential that encrypted communications NEVER be cracked as even a 10 year old message might comprimise the identity of a long-term mole. Right now, operations like echelon are sifting through packets and flagging suspicious communications. Just because something is encrypted doesn't mean it's ignored. It just gets set aside... saved for future reference. Probably not ALL encrypted transmissions. Just those from origins or to destinations determined to be of interest to the sniffers. The 'future' reference is an anticipated point in the future when technology allows for the unravelling of the message or an exploit is found for the encryption method (microsoft embedded hidden key comprimised... etc.).


    Here's a tip for would-be encryption hackers: If you find a weakness in PGP, don't send Phil Zimmerman an e-mail about it.. no matter how densely encrypted it is. Not only will he never receive it, but it's likely to be the last message [mk120.mine.nu] you'll send.



    Seth
  • than some standard stuff we have now. If you're gonna have a network of computers talking to a "central control unit" to maintain security by having the IP hop around their subnet. Aren't they better off with something as simple a NAT enabled firewall?

    I could see the utility of two distant computers carrying on a conversation, each changing their IP to be a pain to packet sniffers, I guess, but wouldn't encryption be more secure?

    Ahhh. One feature would be the ability to specify which applications are available to the outside. Well, couldn't a firewall do that as well?

    Also, if the IP address keeps changing, how exactly would their servers be available? If not by DNS (which wouldn't change fast enough and would defeat the purpose) then they'd only be available by IP, right? Of course, if the IP keep changing, how would you know the one for the server you wish to connect to?

    Sounds daft to me.

    --
  • I run a low-traffic web server, and have witnessed connections from AOL in my server logs that follow the pattern:

    152.163.188.1
    152.163.188.35
    152.163.188.65
    152.163.188.37
    . . .

    Often, the IP is changing between requesting each graphic from the index.html page.

    This is probably just simple load-balancing taking place, but the results are very similar to this so-called "new technology" for hiding the source IP.

    Even with a sufficiently large and diverse IP pool, this would essentially be only as secure as the random number generator that picks your next IP address. And we all know how robust and un-crackable random number algorithms are. . .

    later,
    kristau
    • All those IP addresses have to be routed to the same destination, and the routers have to know how to get there, so you can tell from the routing information where the destination really is.
    • Any stateful firewall that sees this stuff is going to think it's under attack. Those snippets of sessions from all those IP addresses will look like DDoS attacks. So this is a great way to attract attention to your secret traffic.
    • This breaks congestion management and QOS stuff. Routers that look for DDoS attacks will see this as an attack. Plua it will thrash router caches.
    • IPv6 is needed to get enough address space.

    So this is "not suited for widespread deployment."

  • Frequency hopping has been around for decades, most prominently in CDMA technology. More precisely, "IP Hopping" is an almost perfect analog to "slow frequency hopping" where multiple bits are transmitted on one frequency band before hopping to another band. I suppose "IP Hopping" can be considered novel, but no, not really.
  • "My connection is super secure. Other than the CIA and the KGB nobody can trace me!!!!"
  • Um, yeah, I read the article too. Sounds like a rehashed press release that caught some staffer's attention.

    If you really think about it, this is not going to benefit most companies one iota for protecting their corporate traffic. Think about it...most big corps run their own dark fiber now, have their own networks and routing policies trans/internationally. So what if you modulate your IP space out in the big bad world? Smaller corps use VPN's and such in addition to smaller pipes. The paranoid ones encrypt everything. I don't see how modulating IP's, which must fit into predictable ranges anyways, is going to really help things along much.

    However, there is one area of use by big corps that can afford this toy. That is snooping on their competition. Most IDS systems don't come with the kind of configuration that can handle fingerprinting this toy's kind of traffic. You have to script it in or find a vendor(with really good consulting staff) that knows their stuff. This toy gives folks with deep pockets a substantial advantage over someone who won't or can't buy it or the protection they need.

    As for the infallibility of this toy, it would be interesting to see some pros tear it apart and see what ticks. I am betting there are some holes there.



    mrgoat
  • ..as in:

    We'd like to "invita" you to our country, special party, very elite, BYOB, and don't forget your toothbrush.

    Maybe "invita-tion" would make a good New Hacker's Dictionary term: getting invited to something that is going to be detrimental to your health/career/whathaveyou. Probably not in the hacker psyche deeply enough though.

  • Like spread spectrum radio waves, you first have to lock into the variation, wich in this case could be completely random, [...]

    Nothing is really "completely random." When creating large sets of random numbers you usually have to rely on some algorithm to create them, which rules out the "random" bit by the definition of an algorithm.
    --

  • So unless they plan on purchasing completely obsolete netblocks like say 198.81.129.0-255 then 198.83.0.0.-255 than how do they expect to stay obscured from view?

    You're assuming they plan to own the IP addresses they say they're coming from--i.e., non-spoofed IP's. Given that this plan originated from the CIA and (former?) KGB I would say that that's a dangerous assumption.
    --

  • This won't work. Sub-second IP changes would mean the server (read "router") will have to log the chain of IPs for a short while, in order to route (NAT) return traffic properly. So compromise the router, security gone. I, for one, don't trust that. Second, as a website, simply do traffic analysis on your logs. Most sites have referrer turned on, they'll know if you click two consecutive links on their site (or enough of the time to reveal your uniqueness). This is (weak) information hiding, not security. Where do they get these people?
  • by zzyrc (159123)
    Well - so you have your small company, one internet connection, one subnet and your system starts IP hopping on that subnet. How braindead.

    If you own multiple connections to the internet in more than one country and could switch between them, it would be more interesting. But different RTTs and switchover times will kill you then.

    Sounds simply useless...
  • It would be my luck that I would be transfering the last 10megs of a 500meg cd-image, right when my IP changed.

    But seriously... It sounds good in theory, but if developers don't code their apps for the instantaneous IP change, it could seriously cause major headaches.

    Also there would need to be downtime for an IP before it was used again, otherwise I could make a request, (then if hypothetically I changed IPs, and my old one was assigned immediately) the other user with my old IP would recieve the packets. Which could be a huge security risk, if transfering sensitive material.

  • Could something like this work as a P2P app? where you connect to another machine (VPN_ and uses its inet connection to view other pages/ftp but with everyone having a VPN connection. No logs stored so no way to trace the true source. Seems like it might work but you might get some slow connections but if you need a secure connection you probally are not asking for a high speed T3 line to bounce your traffic to/from.

    Just an idea.
  • It sounds interesting, though I'm not sure if reuters has their story correct. This is my take on it.

    I'm assuming their solution is hardware based ("special cards"), with a star topology from the central unit. I'm sure that the special cards will not be running a variation of ethernet, but some other, more secure transport. If it is standard ethernet, the network would be switched.

    The "central unit" acts as a switch / router, and allows some kind of address changing. No other hubs / switches are on the network, except perhaps between "central units"

    I am assuming that reuters or yahoo is wrong, and this protocol is based on the switching of MAC addresses, rather than IP.

    If so, then the whole network would have to be revamped in order to put this in place. Existing routers would most likely not be able to handle MAC switching - perhaps a software upgrade could change that though. I'm pretty sure that the company would just sell their central units as hubs / switches. Why not have a monopoly on the propriatary network that you designed?
    So, while they are at it, they might as well couple this with fiber optics, with the central unit watching the strength of the signal for drops (i.e. a fiber optic tap is detectable - unlike ethernet, which can be tapped just by planting something on the cat-5 jacket (CIA $$$$ stuff) - or by cutting into the wire and installing a repeater/sniffer unit. We are talking about fairly expensive "spy" stuff either way.

    If not, if the address switching is indeed IP, there would certainly be a way to sniff the network and to filter out MAC adresses from all other data being sent across the network. If the "special cards" or the network were designed to prevent sniffing, that would

    Either way - it is essentially security through obsurity, but it makes life a lot harder for those trying to compromise computers - although hosting a server with this would be difficult - unless the Central unit acted as a gateway of some kind.

    More info is certainly needed - if someone can post some that would really clear things up.

    The slashdot 2 minute between postings limit:
    Pissing off hyper caffeineated /.'ers since Spring 2001.

  • ... just to trade Metallica songs.
  • by isomeme (177414) <cdberry@gmail.com> on Tuesday May 22, 2001 @01:12PM (#205070) Homepage Journal
    Sounds like the IP analog for radio Frequency Hopping Spread Spectrum (FHSS [boun.edu.tr]). Which, by the way, was invented and patented as a radio security technique during WWII by movie star Hedy Lamarr and her pianist [techtarget.com]. A movie star geek girl? I was definitely born in the wrong generation...

    --

  • You need to learn about exponentials.

    Lets assume there are 4billion people (2^32) each wanting to run 4billion apps (2^32) each requiring 4 billion IPs (2^32).

    Total IP consumption 2^96. So we can grow by a factor of 4 billion (2^32) before we need to worry.

    2^128 is Big, Really Big. In fact you don't want to know quite how big it is.

    So long, And thanks for all the fish.

    Tim.
  • I would think that your computer would see a set local IP address, and the net card would handle everything else. From the sound of it, at least for now, it seems aimed more at corperate or WAN usage, where this card would only be on the server. I don't think his intentions are to sell this as a consumer product for a little while.

  • It's a step, but lets face it. If somebody, especially the gov't really wants to see what you are up to, they'll find a way.

    Of course, a centralized server would need to route which would be a major bandwidth bottleneck.

    And, of course, a centralized server could also be very easily tapped by a Carnivore-like device.

    I guess it could scare off a few skript kiddies though.

  • by SlashGeek (192010) <petebibbyjrNO@SPAMgmail.com> on Tuesday May 22, 2001 @12:08PM (#205074)
    Read the article!!! The author clearly stated that things like encryption and firewalls were like "building fences around known locations" wich makes them "sitting ducks for a determined hacker." The idea behind IP hopping is that they don't even know where you are to begin with. Like spread spectrum radio waves, you first have to lock into the variation, wich in this case could be completely random, then deal with the "fences". It adds another layer, and a pretty damn good one.

  • What happens when you get a DoS attack from a billion different IP addys? This is a two way street here.
  • Don't you wish there was some way to sell shares in idiotic companies like this short before they IPO?

    (BTW, I've already patented a similar security method: I train packs of chipmunks to plug and unplug 10baseT cables into random ports, thwarting any attempt to break in across the related links.)

    --Mike

  • by SomeoneGotMyNick (200685) on Tuesday May 22, 2001 @12:02PM (#205077) Journal
    It should be worth making a few more episodes of The Lone Gunmen to exploit it.
  • it's called a "Dial-up account", and I've been using it's security feature of random IP addresses (aka "dynamic" IP) for years. News sure travels slowly huh

    Yeah, crappy ISPs can now advertise their high line drop rates as "security features".

  • Invicta? Wasn't that the name of the FBI's fake company [slashdot.org] that snagged those Russian hackers?

    Odd that they would have the same name...


    Viv
    -----------
  • Here's something I came up with about the time Carnivore hit the news that wouldn't take a big corporation full of ex-intelligence (yeah, right.) officers to implement:

    http://www.digitech.org/~tjunkie/idea.html [digitech.org]

    It's a pretty simple idea, not very flashy, and, oh, it's a freaking bandwidth hog. But, same time, it might be fun to play with.

    Ed R.Zahurak

  • However, there is one area of use by big corps that can afford this toy. That is snooping on their competition. Most IDS systems don't come with the kind of configuration that can handle fingerprinting this toy's kind of traffic. You have to script it in or find a vendor(with really good consulting staff) that knows their stuff. This toy gives folks with deep pockets a substantial advantage over someone who won't or can't buy it or the protection they need.

    Why let somebody else have all of the fun (and profits)? Create a small division and don't associate it with the rest of your company specifically designed to "break" this unbreakable scheme.

  • No, it was a completely fictious company [yahoo.com] that the FBI invented for this case. (But those names are rather similar. Maybe all spooks think alike?)
  • how happy would windows be about this? Everytime I change the static ip of my network card I have to reset. I suppose windows is capable of releasing an ip and getting a new one... ideas?

    perhaps it would be wise now not to expect security on a win box? (but that would definitly be read as a troll)

  • Doesn't necessarily have to consume bandwith.
    Put another way, the router used has to handle all that bandwith anyway, just make it a little smarter.
  • Wow.

    Spread spectrum meets NAT.

    Still, it looks new and interesting, but it still depends on a lot of out-of-band information, and I'd hate to be in charge of their BGP tables.


    //jbaltz
    --

  • by hillct (230132) on Tuesday May 22, 2001 @01:06PM (#205089) Homepage Journal
    Maybe, but isn't this just a variant on 'security through obscurity'?

    I'd have to say that this is a not-so-clasic example, and in fact a neat idea, but when it comes down to it it's still securing a system through making it difficult to find.

    It's admittedly a neat technology, but it it really secure?

    --CTH

    --
  • Yes, but frequency hopping involves an agreement between the two communicating systems as to how often to hop, within what range, and in what pattern. It is for this reason that you can't have interoperability; you can't use just any radio that talks on the same frequency range as a frequency-agile system to join in. And the only thing protecting the security of those communications is the restriction of sale of the devices (and the knowledge of how they establish communications). This is a bit more like a VPN than what they describe here, when you really think about the implementation.

    The real difference between the frequency-hopping analogy and reality is the simple fact that unlike FH communications, the internet is supposed to be as interoperable as possible. A Mac can look at the same web page as a Solaris box, or even Windows (if it stays up long enough, obviously, for the page to load). This is accomplished through...wait for it...well-documented and widely disseminated standards. To make the comparison with frequency-hopping systems accurate, you'd need to have all or most transciever manufacturers decide on a few standards, then agree to make all of their systems so that they work with all other ones (by adhering to the standard). And once you do that, how well do you think frequency-hopping will hide what you're saying?

  • by Shoten (260439) on Tuesday May 22, 2001 @12:26PM (#205095)
    Ok, let's see if I get this right...

    They keep moving around so many times a second that the bad guys can't find them. If a bad guy manages to ping an address that's a target, by the time he even types the "n" in "nmap" it's another address.

    But the GOOD traffic can find them? How the hell does this thing know the difference? It sounds like they came up with a great way to hide a computer (especially if they end up trying to pretend to be someone else's IP range in the process), but they totally ignore the fundamental problem: how to tell good traffic from bad without a human having to examine it. This has to be some of the worst snake oil I have ever seen.

  • I do a form of this all the time. My cable modem has come under attack a few times, and each time I just release and renew IPs via DHCP and let the router handle all the bandwidth. Coupled with a dynamic DNS and you have a moving target which is accessible to those who you only want it to.

    Isn't this just a variation of some kind of dynamic host configuration?

    Unfortuantly, in both cases, hit the control server (e.g. DHCP, trn, etc.) and the whole system is down. There is also the cavet that at some point the dynamic address must be available to the public (in my case via dynamic DNS), so if my script kiddies were smart enough, they could have had their program get my address from my DNS server and adjust their attack accordingly. Or taken down the DNS server, so I would have defeated my purpose.

    In either case you shouldn't rely on security through haystack and needle methods. You can always burn the haystack if you don't care about the needle.
  • by ZaneMcAuley (266747) on Tuesday May 22, 2001 @12:04PM (#205102) Homepage Journal
    More like a moving target :) Duck shoot ne1 :)
  • I dunno, but it seems like if you wrap a towel around your head so that you can't see your attacker, then, even if he thinks that he can't see you because you can't see him, the rest of us can still tell that you've got a towel wrapped around your head.

    --Blair
  • 'The Invicta system uses special cards to link protected computers to a central control unit. It lets clients decide how often they wish to vary IP addresses and specify which applications may be accessed on their network.'"

    What they fail to mention is that their Central Control Unit is running an out-of-the-box copy of RedHat 6.0.

    -

    Seriously; how secure can this be if it is revolving around a single (or cluster) of control units that dictate, record, log, and monitor the IP addresses?

    Sounds to me like they're selling us NSA-quality security, along with NSA-approved backdoors and line tapping capability.

    -

    How about this--instead of having a single control center managing the IP pool, we create a peer-to-peer network where, upon joining, you effectively 'donate' your 'IP address' (some form of tunneling/enscapulation would be in use?) to the community pool.

    The network client continuously searches for a new partner to exchange addresses with, based on specified variables, and trades your address with theirs.

    Instead of being a one-to-one swap, it's going to be take an address, pass it on.. the first few may be easy to track, but once you've done your 10th or 40th swap (each sequential exchange gives the new partner the address you procured in the last exchange), the paper trail is extensive.

    Just a random thought, it may be effective when combined with some existing solutions.

    Jason Fisher [feroxtech.com]
  • by sakusha (441986)
    Could this bee a hoax? I remember it was only a few weeks ago when the FBI lured two Russian crackers to come to work at a fictitious security company called "Invicta." It was a false front created to lure the crackers into US jurisdiction.
  • It seems like the main goal of this technology isn't to obscure the source of web browsing, as another poster assumed, but rather to make sniffing a session much more difficult. Since both ends need to be running this software, I don't see it being useful for anything else.

    Still, I wonder about a few things. First, how can you implement time-based IP-hopping when IP is not time-dependent? That is, what happens when the connection between the two machines encounters a bit of congestion? The destination will have hopped on to a new address and the packetes will never arrive... unless there's something I'm missing.

    Second, don't the packets contain things like the MAC address of the ethernet card? Are they saying that their technology either will not include this information, or switch it right along with the IP address?

    As glorious as it sounds, somehow I don't see this being nearly as effective against MitM as signal-hopping with radio frequencies. With a radio scanner you would either have to monitor all available frequencies to try to put the session together or synch with the session and hop along with it, which is fairly difficult. However with packet sniffing, everything that passes is available for reading. The only way I can see this being halfway useful is if somehow every address used had a different route between the two machines, which isn't really feasible.

    So... it's a nice idea I suppose but it sounds to me like it's mostly hype.

  • At a server? That's just stupid...how can you be got to? And if normal traffic can reach you, doesn't that invalidate the whole point?

    43rd Law of Computing:

How many hardware guys does it take to change a light bulb? "Well the diagnostics say it's fine buddy, so it's a software problem."

Working...