Hi!
Bob is stalking Eve, and he has figured out her MAC
address. He wants to
follow her around the city or simply learn where she lives. Using the node
map, which includes node IP addresses (or because he simply drove around
the city and mapped them out himself) he knows the IP/MAC to physical
location mapping of all nodes. A simple layer 2 or 3 traceroute will now
tell him Eve's movements around town including her work location and home
location. I am proposing that we disable the layer 2 traceroute
functionality in batman-adv and block ICMP Time Exceeded messages such that
traceroute is no longer possible, and such that it becomes much more
difficult to find the physical location of a MAC address.
OK, and you believe this scenario warrants crimping the network?
I do not have a direct analogy here, but we used for some time a captive
portal which blocked all traffic until you clicked a button in the
browser. We got quite some reports of network not working from geeks who
first thing after they connected to network tried something non-HTTP and
then tried to ping and debug and nothing worked. Never tried to open
HTTP. Those were people not otherwise involved with the network. They
just assumed things should work. So what I am saying that I think should
always work as expected. Don't break things.
BTW, I am not sure if normal traceroute does anything smart in Batman
network. So how much people will really know how to use Batman specific
tool?
Mitar
--
http://mitar.tnode.com/
https://twitter.com/mitar_m