in reply to How to implement a fourth protocol

The usefulness of your ideas depends on the kind of service you are offering through the real protocol in terms of publicity/privacy. You can run an open webserver, or you can tunnel services through some sort of VPN to accredited clients, e.g. running SOCKS through an OpenSSH connection.

That's much like the difference between a shopping mall and a private bar, but there's more to it. In a public mall, all kinds that make a world are allowed, but there might be cops around with a watchful eye to arrest evildoers. For a private bar, you could have door keepers, biometrics checking, ad-hoc-passwords or the like. Still those admitted could wreak havoc any time according to drinks absorbed and/or personal disposition.

So behaviour of clients is crucial to detect mischief, regardless of any protocol involved.

Bottom line is: you can't solve social problems with technology. (You can use technology to some degree of success as an aid to defend yourself, but only if you don't attack. Failure to observe that rule will render your technology worthless).

(Hm. Now what does this have to do with your post?)

--shmem

_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}

Re^2: How to implement a fourth protocol
by Moron (Curate) on Mar 28, 2007 at 11:51 UTC
    Given that one would separate customer traffic from public traffic, there still needs to be scalability that could not be achieved by e.g. VPN and that is why the new protocol idea, so that customers can get on board by downloading a protocol installation kit as soon as they have a formal relationship (e.g. a financial account) whose registration can be automated rather than needing lower level network modifications or hardware.

    -M

    Free your mind

      Protocols are ways for computers to communicate. This is fairly fundamentally in opposition to your aim of security through obscurity - they don't know what language you're speaking, therefore they cannot hack it.

      You'll filter out _most_ of your automated attacks, by simply moving services onto another port. For everything else, you'll need the same security/authentication layers that you'll need anyway.

      What are you really trying to achieve? Reduced bot traffic? Just move ports. Even if you use a new protocol (which for a lot of reasons, isn't a good idea) then there will still be packets from the bots, bouncing off your firewall. So you might as well just run your webserver on a different port, and block all traffic on port 80. It'll achieve pretty much the same result - firewall can easily reject the traffic based on the port number.

      If you're thinking your new protocol will improve security, then ... well, there's an old adage: Security through obscurity, isn't. It's all well and good to work on the basis that if people don't know that you're using some unusual protocol, then they can't get in, but the fact that this protocol is going 'out onto the net' means it is impossible to guarantee that. And therefore, you still need to authenticate etc. everyone, and have an additional layer of complexity for your end users.

        I never advocated security through obscurity. What I actually advocate is security through proper management of technology where it's necessary rather than always borrowing blindly from someone else.

        It is professionally incompetent to go looking from the outset for technology to solve your problems. Correct technical design is a from-scratch process in which only when it is complete and harmonious do you go looking for shortcuts and trade-offs and even then you need to know the full functional story 100% rather than assembling together a bunch of things you don't fully understand. It is also a sine qua non for the competent developer to reject what doesn't fit whether it's standard or not.

        -M

        Free your mind