On 8/11/06, Matthew Seaman <m.seaman@infracaninophile.co.uk> wrote:
> Marc G. Fournier wrote:
> > On Fri, 11 Aug 2006, Nikolas Britton wrote:
> >
> >> Ok... With my new script it took only 158 minutes to compute ALL
> >> TCP/IP address hashes. I'll repeat that... I have an md5 hash for
> >> every IP address in the world! All I need to do is grep your hash and
> >> it will tell me your IP address. yippee! :-)
> >
> > Can someone please explain to me what exactly you are trying to secure
> > against in this case?
>
> He's trying to prevent any possibility of information disclosure about
> his servers. If I wanted to hack into his site, knowing what hosts he
> had running (ie. a bunch of live IP numbers) and what OS etc. each used
> would mean I'm already halfway to my goal. Now, while the design of
> bsdstats does not disclose that sort of stuff readily, any security
> conscious admin is going to worry about that data being collected and
> held outside of his administrative control. Having a completely
> anonymous and untraceable token to identify each of the hosts sending
> in information should make connecting the information back to the
> original sender practically impossible.
>
YES! what he said... I don't want ANYTHING to trace back to me or my systems.
> Although, playing devil's advocate here, anyone that could steal the
> Apache log files from the bsdstats server would be able to work out
> that sort of data fairly readily. I guess the truly paranoid should
> only submit their data via some sort of anonymizing proxy.
>
That's simple, don't keep the log files...
* Can we trust Marc to delete them?
* I thought this was going to be an official FreeBSD project hosted on
freebsd.org?
* Maybe we should get the OpenBSD people involved?
Just thinking out loud :-/
--
BSD Podcasts @:
http://bsdtalk.blogspot.com/
http://freebsdforall.blogspot.com/