Security through obscurity is not security

If you were around the release of 0.307, and browsed the forum / were in the, at that time, public DC dev hub, you probably saw a lot of noice concerning a feature cologic added to DC++; * Ip column in transfer list and later in 0.400; * Ip in search frame

The noice, being that people were complaining that people now were able to see other’s IP. The IP, the only knowledge required for ‘crackers’ (malicious hackers) to breach a computer.

While a lot of people jumped on the “oh my god, crackers now know my IP, so now can they hack me”-wagon, little understood why the IP columns were completely useless (from a safety point of view).

Basically, IP has a “simple” job; To let DC++ know where to send messages and where a message has come from. This means, without DC++ knowing the IP of someone else, it cannot make a connection. Thus, transfers are impossible if not both sides know each other’s IP. (For a full description of what IP really does, I suggest you use a search engine.)

You see, the IP is know by DC++ with or without that extra IP column. And crackers (well, perhaps not the script-kiddies, which I don’t consider a ‘cracker’) know this too. A tool I use semi-frequently is TCPview. In it, you can see exactly how many connections DC++ has made. And you can see everyone’s IP. (TCPview is only “cmd /k netstat” [write it in ‘Run’] with a GUI.)

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: