On Mon, Oct 20, 2014 at 8:01 PM, Giancarlo Razzolini <grazzol...@gmail.com> wrote:
> On 20-10-2014 21:52, Ian Grant wrote:
>>
>> How else can one protect a system from DoS attacks, other than by
>> concealing it some way? And what is cryptography if it's not
>> concealing the meaning of a communication in some way?
>
> Oh my. DoS can be mitigated. You could never "protect" a system. Even if
> there isn't any port open, they can flood your uplink, even if you stop
> sending FIN or ACK. There is UDP. Cryptography is not just concealment. It's
> integrity. It's authentication (in some cases). So it's the only way to be
> sure your message wasn't modified because the math behind it is solid.
>>
>> Sure they can see it, but that's not going to tell them where it went
>> next. So they can analyse all the traffic and what they learn from
>> that won't be worth knowing half an hour later.
>
> Man, real time traffic analysis. We told you so many times. They'll learn it
> right away. Because they can see ALL traffic in real time. Simple as that.

You don't read what I write. I said the info won't be worth having
half an hour later. Because the service access point will have moved.
I didn't dispute the real-timeness of the traffic analysis.

>> I live in Bolivia, and
>> I want to implement something like this here, so that the Bolivian
>> government can have secure communications within Bolivia, and across
>> her borders.
>
> I live in Brazil. And I'm aware of the situation of many countries in South
> America, ours included. If you want that, please tell them to use known and
> proven cryptography solutions such as Tor, IPSEC, Off the record messaging,
> etc. Do not reinvent the wheel, because it will only make their traffic
> stand out even further.

Thanks for your "advice" but I will do exactly what I think is the
right thing to do.

>> I can make and maintain any modifications to OpenBSD that I please.
>
> Of course you can. But if you go along these lines of reinventing the wheel
> and security through obscurity you'll never get your contributions into it.

I am not trying to become an OpenBSD developer. I just want to use it
for a real project.

Ian