[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tails-dev
Subject:    [Tails-dev] MAC Changer Concept
From:       adrelanos () riseup ! net (adrelanos)
Date:       2013-05-17 11:46:52
Message-ID: 519618AC.1050402 () riseup ! net
[Download RAW message or body]

intrigeri:
>>> changing mac gets admin attention
> 
>> Is this a realistic threat model?
> 
> In a setup with a static list of allowed MAC addresses (e.g. a LAN
> with desktop computers that get fixed DHCP addresses in function of
> their MAC address, and where no other computers are supposed to be
> plugged in), any minimal log monitoring system will trigger an alarm.
> 
> I don't think this is unrealistic in enterprise settings, even the
> combination of that setup + being able to boot from DVD/USB is
> probably not that common.
> 
>>> admin looks for consistent mac
> 
>> How realistic is this threat model? Someone sitting at a desk,
>> remembering users and watching their mac address on screen as they boot
>> up their notebook?
> 
>> Wouldn't it be much more effective to look over their shoulder or to use
>> a miniature camera to spy on them?
> 
> I've no strongly formed opinion on that specific point right now.
> 
> However a good start to discuss it would be to avoid mixing "a network
> IDS automatically detects network configuration change events and
> raises alerts" with "a specific user is targetted by people who
> monitor his/her usage with spy gadgets". I think this only adds
> to confusion.
> 
>>> admin looks out for unpopular vendor ids
> 
>> Whenever this is realistic or does not have to be asked, since macchiato
>> will solve that.
> 
> ... if, and only if, its lists grow substantially. Last time I've
> checked, they still looked dramatically small, and using them would
> probably offer attackers means to fingerprint Tails users that we'd
> rather avoid. I don't mean improving these lists is impossible, but
> I'm afraid we should not act as if it will come for free.

Good points!

> Any update on what steps are being taken to improve these lists?

No idea.

[prev in list] [next in list] [prev in thread] [next in thread]