Re: BSDstats Project v2.0 ...
- From: Matthew Seaman <m.seaman@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 11 Aug 2006 14:38:48 +0100
Marc G. Fournier wrote:
On Fri, 11 Aug 2006, Nikolas Britton wrote:
Ok... With my new script it took only 158 minutes to compute ALL
TCP/IP address hashes. I'll repeat that... I have an md5 hash for
every IP address in the world! All I need to do is grep your hash and
it will tell me your IP address. yippee! :-)
Can someone please explain to me what exactly you are trying to secure
against in this case?
He's trying to prevent any possibility of information disclosure about
his servers. If I wanted to hack into his site, knowing what hosts he
had running (ie. a bunch of live IP numbers) and what OS etc. each used
would mean I'm already halfway to my goal. Now, while the design of
bsdstats does not disclose that sort of stuff readily, any security
conscious admin is going to worry about that data being collected and
held outside of his administrative control. Having a completely
anonymous and untraceable token to identify each of the hosts sending
in information should make connecting the information back to the
original sender practically impossible.
Although, playing devil's advocate here, anyone that could steal the
Apache log files from the bsdstats server would be able to work out
that sort of data fairly readily. I guess the truly paranoid should
only submit their data via some sort of anonymizing proxy.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
Attachment:
signature.asc
Description: OpenPGP digital signature
- Follow-Ups:
- Re: BSDstats Project v2.0 ...
- From: Nikolas Britton
- Re: BSDstats Project v2.0 ...
- From: Darrin Chandler
- Re: BSDstats Project v2.0 ...
- References:
- BSDstats Project v2.0 ...
- From: Marc G. Fournier
- Re: BSDstats Project v2.0 ...
- From: Marc G. Fournier
- Re: BSDstats Project v2.0 ...
- From: Antony Mawer
- Re: BSDstats Project v2.0 ...
- From: Marc G. Fournier
- Re: BSDstats Project v2.0 ...
- From: Igor Robul
- Re: BSDstats Project v2.0 ...
- From: Marc G. Fournier
- Re: BSDstats Project v2.0 ...
- From: Paul Schmehl
- Re: BSDstats Project v2.0 ...
- From: Marc G. Fournier
- Re: BSDstats Project v2.0 ...
- From: Nikolas Britton
- Re: BSDstats Project v2.0 ...
- From: Nikolas Britton
- Re: BSDstats Project v2.0 ...
- From: Nikolas Britton
- Re: BSDstats Project v2.0 ...
- From: Marc G. Fournier
- BSDstats Project v2.0 ...
- Prev by Date: Re: Almost ready with diskless setup
- Next by Date: Re: BSDstats Project v2.0 ...
- Previous by thread: Re: BSDstats Project v2.0 ...
- Next by thread: Re: BSDstats Project v2.0 ...
- Index(es):
Relevant Pages
|
