Pertaining to the "Any reasons to filter ARP packets?" - Security

This is a discussion on Pertaining to the "Any reasons to filter ARP packets?" - Security ; I would like to draw the attention of "Moe Trin" and "Ertugrul Soeylemez", specifically, to this post. A thread with the subject "Any reasons to filter ARP packets?" started in COLS earlier this year. Both Moe Trin and Ertugrul Soeylemez ...

+ Reply to Thread
Results 1 to 8 of 8

Thread: Pertaining to the "Any reasons to filter ARP packets?"

  1. Pertaining to the "Any reasons to filter ARP packets?"

    I would like to draw the attention of "Moe Trin" and "Ertugrul
    Soeylemez", specifically, to this post.

    A thread with the subject "Any reasons to filter ARP packets?" started
    in COLS earlier this year. Both Moe Trin and Ertugrul Soeylemez
    participated in that thread.

    Mikhail Zotov and I are working on the next issue of The Slack World
    magazine[0]. We found a couple of your posts interesting. We would
    like to publish those posts in The Slack World.

    Posts to USENET are in the public domain, generally. But, we still
    prefer to ask for permission to publish the posts verbatim or with
    some alterations.

    The posts in question are the following:

    Post by Moe Trin
    http://groups.google.com/group/comp....c0dcdc9?hl=en&

    Posts by Ertugrul Soeylemez
    http://groups.google.com/group/comp....25c255c?hl=en&
    http://groups.google.com/group/comp....66659d2?hl=en&
    http://groups.google.com/group/comp....176025c?hl=en&
    http://groups.google.com/group/comp....5e96fae?hl=en&
    http://groups.google.com/group/comp....bf05f24e479f20

    We would appreciate it if you guys can get in touch with Mikhail or
    I. The addresses on the website and the one in the Reply-To field of
    the header of this post are valid and functioning.

    The copyrights[1] of all articles and posts published in The Slack World
    are held by their respective authors.

    Thank you!

    Notes:
    [0] http://slackworld.berlios.de/
    [1] http://slackworld.berlios.de/license.html

    --
    Ayaz Ahmed Khan

    Then, gently touching my face, she hesitated for a moment as her
    incredible eyes poured forth into mine love, joy, pain, tragedy,
    acceptance, and peace. "'Bye for now," she said warmly.
    -- Thea Alexander, "2150 A.D."


  2. Re: Pertaining to the "Any reasons to filter ARP packets?"

    On 07 Sep 2006, in the Usenet newsgroup comp.os.linux.security, in article
    <45006b18$0$75042$14726298@news.sunsite.dk>, Ayaz Ahmed Khan wrote:

    >Mikhail Zotov and I are working on the next issue of The Slack World
    >magazine[0]. We found a couple of your posts interesting. We would
    >like to publish those posts in The Slack World.
    >
    >Posts to USENET are in the public domain, generally.


    Yes, but the copyright remains with the the original poster.

    >But, we still prefer to ask for permission to publish the posts verbatim or
    >with some alterations.


    Publishing verbatim is no problem - any alterations would technically violate
    that copyright.

    >Post by Moe Trin
    >http://groups.google.com/group/comp....c0dcdc9?hl=en&


    Mine was only one article, and things sort of wandered away from that set of
    points I was making. What seems to have been missed was the last paragraph:

    ] Hardware addresses (and IP itself) is only as secure as your control of
    ] access to the network, though encryption helps quite a bit. If you are
    ] concerned about attack mechanisms using ARP or hardware addresses, you
    ] need to be looking at other problems as well.

    You can use static ARP tables (and disable ARP on the media itself), but
    this offers no protection from someone using '/sbin/ifconfig -hw ether
    08:00:de:ad:be:ef' to change the MAC address their interface is using. In
    a intelligently configured switched network, the switch _MAY_ be configured
    to only permit "a" specific MAC address on any specific port, and of course
    the system that is being spoofed _MAY_ detect some other host sending
    packets with it's MAC address and complain, but the story boils down to
    control of access to the network. Poker is a popular card game played
    with an ordinary deck of cards - but when dealing with computer security
    please remember that "Physical Access Beats Five Aces". Think about that.

    >We would appreciate it if you guys can get in touch with Mikhail or
    >I. The addresses on the website and the one in the Reply-To field of
    >the header of this post are valid and functioning.


    Quite obviously my posting name (and email address) is not real. I'm under
    a Non-Disclosure Agreement with my employer (even though I am not posting
    through their news server). I work at a research facility, and The Powers
    That Be get all grumpy when anything is mentioned - we might be giving
    hints of what "The New Product" is going to be/do/look like. Personally,
    I have not qualms of my post being included as is - google obviously does
    so (with the not-unreasonable munging of usernames), and the few times I
    have used the "X-No-Archive:" header was to prevent caching URLs that I
    had included (abuse mitigation).

    Old guy

  3. Re: Pertaining to the "Any reasons to filter ARP packets?"

    "Moe Trin" typed:
    > Ayaz Ahmed Khan wrote:
    >> But, we still prefer to ask for permission to publish the posts
    >> verbatim or with some alterations.

    >
    > Publishing verbatim is no problem - any alterations would
    > technically violate that copyright.


    Thank you. We will publish your post *as is*.

    > Mine was only one article, and things sort of wandered away from
    > that set of points I was making. What seems to have been missed was
    > the last paragraph:
    >
    > ] Hardware addresses (and IP itself) is only as secure as your control of
    > ] access to the network, though encryption helps quite a bit. If you are
    > ] concerned about attack mechanisms using ARP or hardware addresses, you
    > ] need to be looking at other problems as well.
    >
    > You can use static ARP tables (and disable ARP on the media itself),
    > but this offers no protection from someone using '/sbin/ifconfig -hw
    > ether 08:00:de:ad:be:ef' to change the MAC address their interface
    > is using. In a intelligently configured switched network, the switch
    > _MAY_ be configured to only permit "a" specific MAC address on any
    > specific port, and of course the system that is being spoofed _MAY_
    > detect some other host sending packets with it's MAC address and
    > complain, but the story boils down to control of access to the
    > network. Poker is a popular card game played with an ordinary deck
    > of cards - but when dealing with computer security please remember
    > that "Physical Access Beats Five Aces". Think about that.


    No doubt.

    >> We would appreciate it if you guys can get in touch with Mikhail or
    >> I. The addresses on the website and the one in the Reply-To field of
    >> the header of this post are valid and functioning.

    >
    > Quite obviously my posting name (and email address) is not real. I'm
    > under a Non-Disclosure Agreement with my employer (even though I am
    > not posting through their news server). I work at a research
    > facility, and The Powers That Be get all grumpy when anything is
    > mentioned - we might be giving hints of what "The New Product" is
    > going to be/do/look like. Personally, I have not qualms of my post
    > being included as is - google obviously does so (with the
    > not-unreasonable munging of usernames), and the few times I have
    > used the "X-No-Archive:" header was to prevent caching URLs that I
    > had included (abuse mitigation).


    That's OK. Thanks for replying. Your posts will be published under
    your pseudonym.

    --
    Ayaz Ahmed Khan

    Then, gently touching my face, she hesitated for a moment as her
    incredible eyes poured forth into mine love, joy, pain, tragedy,
    acceptance, and peace. "'Bye for now," she said warmly.
    -- Thea Alexander, "2150 A.D."


  4. Re: Pertaining to the "Any reasons to filter ARP packets?"

    Ayaz Ahmed Khan wrote:

    [About postings to COLS by Moe Trin and Ertugrul Soeylemez, and your
    commendable desire to publish some of them in The Slack World:]

    > Posts to USENET are in the public domain, generally. But, we still
    > prefer to ask for permission to publish the posts verbatim or with
    > some alterations.


    You are mistaken in your assumption that posting ones creations to
    Usenet puts them into the public domain. The small grain of truth is
    that a copyright owner's ability to collect damages for copyright
    infringement might be impaired by such posting, since arguably the
    poster considers such writings to have minimal commercial value. Also,
    the poster creates an _implied licence_ to use his/her work in the
    fashion that is ordinary and customary for Usenet posts.

    But without a doubt, Moe Trin and Ertugrul Soeylemez _continue_ to own
    valid copyrights over the creative content in their postings -- and it
    is necessary (not to mention good manners) to ask their permission for
    non-Usenet redistribution.


  5. Re: Pertaining to the "Any reasons to filter ARP packets?"

    On Fri, 08 Sep 2006 15:02:22 -0500
    ibuprofin@painkiller.example.tld (Moe Trin) wrote:

    > On 07 Sep 2006, in the Usenet newsgroup comp.os.linux.security, in article
    > <45006b18$0$75042$14726298@news.sunsite.dk>, Ayaz Ahmed Khan wrote:
    >
    > >Mikhail Zotov and I are working on the next issue of The Slack World
    > >magazine[0]. We found a couple of your posts interesting. We would
    > >like to publish those posts in The Slack World.

    ....
    >
    > Publishing verbatim is no problem - any alterations would technically violate
    > that copyright.


    Dear Moe,

    The post of yours (together with the suggested paragraph) is published here:

    http://slackworld.berlios.de/05/wisdom.html#arp

    Thank you!

    --
    Mikhail Zotov

  6. Re: Pertaining to the "Any reasons to filter ARP packets?"

    On Sat, 23 Sep 2006, in the Usenet newsgroup comp.os.linux.security, in article
    <20060923093051.9b8848ea.invalid_muxaul@lenta.ru>, Mikhail Zotov wrote:

    >ibuprofin@painkiller.example.tld (Moe Trin) wrote:
    >
    >> Ayaz Ahmed Khan wrote:
    >>
    >>> Mikhail Zotov and I are working on the next issue of The Slack World
    >>> magazine[0]. We found a couple of your posts interesting. We would
    >>> like to publish those posts in The Slack World.


    >> Publishing verbatim is no problem


    >The post of yours (together with the suggested paragraph) is published here:
    >
    >http://slackworld.berlios.de/05/wisdom.html#arp


    That looks fine - glad to the the information made available to others
    who may not be aware of it.

    Old guy

  7. Re: Pertaining to the "Any reasons to filter ARP packets?"

    Ayaz Ahmed Khan (06-09-07 18:55:20):

    > I would like to draw the attention of "Moe Trin" and "Ertugrul
    > Soeylemez", specifically, to this post.
    >
    > A thread with the subject "Any reasons to filter ARP packets?" started
    > in COLS earlier this year. Both Moe Trin and Ertugrul Soeylemez
    > participated in that thread.
    >
    > Mikhail Zotov and I are working on the next issue of The Slack World
    > magazine[0]. We found a couple of your posts interesting. We would
    > like to publish those posts in The Slack World.
    >
    > Posts to USENET are in the public domain, generally. But, we still
    > prefer to ask for permission to publish the posts verbatim or with
    > some alterations.
    >
    > The posts in question are the following:
    >
    > [...]
    >
    > We would appreciate it if you guys can get in touch with Mikhail or
    > I. The addresses on the website and the one in the Reply-To field of
    > the header of this post are valid and functioning.
    >
    > The copyrights[1] of all articles and posts published in The Slack
    > World are held by their respective authors.


    Maybe I'm a bit late, but thank you for asking. I moved and so hadn't
    any time for surfing around. Personally I have the same view as Moe
    Trin. Well, my name is real, as well as my email address (even though
    it's often mistaken for a fake address).

    You may, of course, (re-)publish my posts verbatim, as long as I retain
    the copyright.


    Regards,
    E.S.

  8. Re: Pertaining to the "Any reasons to filter ARP packets?"

    "Ertugrul Soeylemez" typed:
    > Maybe I'm a bit late, but thank you for asking. I moved and so
    > hadn't any time for surfing around. Personally I have the same view
    > as Moe Trin. Well, my name is real, as well as my email address
    > (even though it's often mistaken for a fake address).
    >
    > You may, of course, (re-)publish my posts verbatim, as long as I
    > retain the copyright.


    Thank you, Ertugrul.

    Your posts have been published[0].

    Note:
    [0] http://slackworld.berlios.de/05/wisdom.html#arp

    --
    Ayaz Ahmed Khan

    Then, gently touching my face, she hesitated for a moment as her
    incredible eyes poured forth into mine love, joy, pain, tragedy,
    acceptance, and peace. "'Bye for now," she said warmly.
    -- Thea Alexander, "2150 A.D."


+ Reply to Thread