>Furthermore we would like to point out that InvisiLAN technology has no relation
>whatsoever with DHCP, for example InvisiLAN changes randomly not just the IP
>address but also the MAC address and the port numbers.

I don't see how MAC address changes would help for several reasons:

1) across the internet, let's face it, no-one cares what your MAC address is.
2) on local networks I can watch arp traffic
3) you can no longer do port locking on switches to a given MAC address

I assume the invisilan technology needs some sort of client/server setup with a master to track all the IP/MAC/port changes, otherwise client systems will never be able to connect properly to servers. This would seem to me to be a nice vulnerability point. Assuming the MAC address keeps changing any established connections can be more easily hijacked by assuming the old MAC address (which the victim was polite enough to give up on its own).

As far as I can tell this actually makes it sound like it would make a local attacker's life easier. Firewalling can't really be used to restrict access to systems since the ports/ip keep changing, any IDS solution is going to yack up hairballs, assuming you can ever get it tuned to actually see the traffic properly, etc, etc.

As for remote attackers, ok, it makes life a bit harder, but wouldn't those remote people who shouldn't be accessing you be firewalled anyways?

All in all it sounds like a wonky technology that hasn't been clearly thought out, and doesn't really address an identifiable problem. But boy, does it ever sound cool (I suppose one star out of five for sheer chutzpah is ok).

Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/