jerf at jerf.org
Tue Sep 21 07:58:15 CEST 2004
On Tue, 21 Sep 2004 14:12:14 +1000, Ajay wrote:
> if you use the service say 10 times, then the server can link those 10
> sessions together based on your MAC address.
> and the server will be on the same LAN
Unless your WLAN is monstrous, they can link your ten uses together by
looking for the wildly changing MAC address that is only used once. You
need everybody to do that for it to be any sort of defense.
Have you done a decent threat analysis? What are you protecting? What is
your likely attack vectors? Who cares, or rather, what kind of person will
care? I don't know any of these answers and you are free to share them or
not, as you are comfortable.
I am curious about what information you feel you are going to leak with a
static MAC address that you are not going to leak equally with wildly
changing ones with only slightly more effort from whatever attacker you
are worried about. Again, it is completely your choice to answer this, of
course, but you have piqued my curiosity.
More information about the Python-list