--- John Oliver [EMAIL PROTECTED]
wrote:
A thought just occurred to me... desktop systems (and even some servers)
could be almost completely secure if there was a way to dynamically
allocate and de-allocate routes. If your system has no default route,
it ought to be safe from any TCP-based
On Tue, 30 Oct 2001, John Oliver wrote:
A thought just occurred to me... desktop systems (and even some servers)
could be almost completely secure if there was a way to dynamically
allocate and de-allocate routes. If your system has no default route,
it ought to be safe from any TCP-based
]] On
Behalf Of John Oliver
Sent: Tuesday, October 30, 2001 2:22 PM
To: [EMAIL PROTECTED]
Subject: Secure desktop idea?
A thought just occurred to me... desktop systems (and even
some servers) could be almost completely secure if there was
a way to dynamically allocate and de-allocate routes
Congratulations... you just invented the firewall ;-).
More seriously: The basic problem will still remain: What is used as a
trigger to establish the route? How will you distinguish between 'good
connections' (for which you are building the route) and 'bad connections'
which are ignored.
It's an interesting idea. It's similar in concept to the way you set up
stealth IDS systems (attach them to network interfaces with no IP addresses,
or us a cable without any outgoing ethernet pins, see the Snort FAQ).
If you assume the model that all network interaction is driven by the
user's
Why not just disable the TCP/IP stack when it's not in use? As long as the
computer doesn't need to be seen over IP while a user isn't at it, that
could be done. MacOS up to 9.2 default to TCP/IP enabled when required
rather than all of the time. That effectively keeps them hidden on the
network