On Tue, 30 Oct 2001, John Oliver wrote: > A thought just occurred to me... desktop systems (and even some servers) > could be almost completely secure if there was a way to dynamically > allocate and de-allocate routes. If your system has no default route, > it ought to be safe from any TCP-based attack. If routes to remote > networks could be dynamically added as needed, and then removed, it > seems that it would be virtually impossible for an outsider to even see > that the host exists, let alone be able to root it. > > Ideas? Am I just way off the deep end here? :-)
Interesting idea. A few comments/questions: 1) It sounds like a lot of overhead. 2) It sounds a bit like NAT. 3) How would you communicate with other hosts on the internet if there is no route to yours? 4) Does "as needed" mean when a connection is attempted _to_ a host on this non-routable network, or when a connection is made _from_ it to a host outside of said network? 5) If "as needed" means a connection _to_ it, how is it any different than the existing framework with some additional overhead? (I'm not a TCP/IP guru by any stretch of the imagination.) 6) If "as needed" means a connection _from_, do all the hosts on such a network become temporarily exposed, or just that single host? (I think I'm confusing myself now and just being argumentative.) 7) The host is exposed when it is added to the routing table and the whole system falls apart. Where's that copy of TCP/IP Illustrated... :) vertigo
