On Sun, Nov 10, 2013 at 11:52 PM, Mitar <mitar@tnode.com> wrote:
> Hi!
> 
> > Perhaps there is a better way to deal with the problem. If I understand
> > batman-adv correctly, no node requires knowledge of anything but the next
> > hop for every destination. This should mean that we don't need the layer 2
> > traceroute functionality that batman-adv includes. If we change batman-adv
> > such that a node can only ever know the next hop for a given destination,
> 
> I am not sure exactly what you are saying you would change. Batman
> already knows only the next hop for every destination. So what would you change?
> 
> Anyway, I think this is still complicating too much. Practically, any
> attack would simply be listing all MAC addresses in the network. Once
> you know this list you know that they are in the network. And then you
> use other means to determine where a person is. You have to remember
> that nobody is using only one approach or one tool. They will combine
> data from multiple sources. Any change here will just make the network less
> open (in the sense that you would have a difference between admins and
> non-admins), for what gain?
> 
> Can somebody please first describe the threat model we are trying to
> address here? Who is attacking whom, and with which tools?

Bob is stalking Eve, and he has figured out her MAC address. He wants to follow her around the city or simply learn where she lives. Using the node map, which includes node IP addresses (or because he simply drove around the city and mapped them out himself), he knows the IP/MAC-to-physical-location mapping of all nodes. A simple layer 2 or 3 traceroute will now tell him Eve's movements around town, including her work location and home location. I am proposing that we disable the layer 2 traceroute functionality in batman-adv and block ICMP Time Exceeded messages such that traceroute is no longer possible, and such that it becomes much more difficult to find the physical location of a MAC address.

I think this scenario is our biggest concern with regards to tracking. The government already tracks people using other methods, but we're setting up a system that allows anyone to track anyone which brings with it a whole slew of new problems.

Encouraging people to install apps that change their MAC addresses will not solve the problem, since most people still won't install and use those apps (and some devices don't allow that level of control).

--
Marc/Juul
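The scenario Marc describes above, as an added model written for this page (it is not code from the thread and not batman-adv code). The node map, link list, MAC addresses and street names are all constructed. The model abstracts over both variants of the attack: batman-adv's own layer 2 traceroute (batctl traceroute, where the node at which the batman TTL expires answers with a TTL-exceeded reply carrying its originator MAC) and a layer 3 traceroute relying on ICMP Time Exceeded. In both cases the attacker only needs Eve's MAC plus the public node map; the `time_exceeded_enabled` flag models the change Marc proposes.

```python
"""Model of hop-by-hop traceroute as a location oracle in a mesh.

Constructed example: five mesh nodes, two clients, made-up addresses.
"""
from collections import deque

# Constructed node map: mesh node MAC -> physical location. This is the
# public node map (or Bob's own wardriving survey) from the scenario.
NODE_MAP = {
    "02:00:00:00:00:01": "Library roof",
    "02:00:00:00:00:02": "Cafe on 3rd St",
    "02:00:00:00:00:03": "Park pavilion",
    "02:00:00:00:00:04": "Apartment block A",
    "02:00:00:00:00:05": "Office tower",
}

# Constructed topology: undirected links between mesh nodes.
LINKS = [
    ("02:00:00:00:00:01", "02:00:00:00:00:02"),
    ("02:00:00:00:00:02", "02:00:00:00:00:03"),
    ("02:00:00:00:00:03", "02:00:00:00:00:04"),
    ("02:00:00:00:00:03", "02:00:00:00:00:05"),
]

# Constructed client table: client MAC -> mesh node it is attached to.
# The attacker does not get to read this table; it only drives the model.
CLIENTS = {
    "aa:bb:cc:dd:ee:01": "02:00:00:00:00:01",  # Bob, at the library
    "aa:bb:cc:dd:ee:02": "02:00:00:00:00:04",  # Eve, at apartment block A
}


def neighbours():
    adj = {mac: set() for mac in NODE_MAP}
    for a, b in LINKS:
        adj[a].add(b)
        adj[b].add(a)
    return adj


def path(src_node, dst_node):
    """Shortest mesh path as a list of node MACs (src first, dst last).

    No node stores this path; each node knows only its next hop. The full
    path is what the attacker reconstructs from the per-hop replies.
    """
    adj = neighbours()
    prev = {src_node: None}
    queue = deque([src_node])
    while queue:
        cur = queue.popleft()
        if cur == dst_node:
            break
        for nxt in adj[cur]:
            if nxt not in prev:
                prev[nxt] = cur
                queue.append(nxt)
    if dst_node not in prev:
        return []
    out, cur = [], dst_node
    while cur is not None:
        out.append(cur)
        cur = prev[cur]
    return out[::-1]


def traceroute(attacker_mac, target_mac, time_exceeded_enabled):
    """Simulate probes with TTL 1, 2, 3, ... toward target_mac.

    The node at which a probe's TTL expires answers with a TTL/Time
    Exceeded reply revealing its own MAC when the policy allows it;
    otherwise that hop shows up as '*'. The last probe reaches the
    target, which always answers (echo reply), so reachability leaks
    regardless of the policy.
    """
    route = path(CLIENTS[attacker_mac], CLIENTS[target_mac])
    hops = [node if time_exceeded_enabled else "*" for node in route]
    hops.append(target_mac)
    return hops


def locate(hops):
    """What Bob learns: the location of the last identifiable mesh node
    before the target, i.e. where the target is currently attached."""
    known = [h for h in hops[:-1] if h in NODE_MAP]
    return NODE_MAP[known[-1]] if known else None


def is_on_mesh(hops, target_mac):
    """Presence is learned either way: the target itself replied."""
    return bool(hops) and hops[-1] == target_mac


if __name__ == "__main__":
    bob, eve = "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"
    for policy in (True, False):
        hops = traceroute(bob, eve, policy)
        print("time exceeded enabled:", policy, hops, "->", locate(hops))
```

With replies enabled the trace ends at the node whose map entry is "Apartment block A", which is exactly the home-location leak in the scenario; with them suppressed every intermediate hop is `*` and `locate` returns nothing, but `is_on_mesh` is still true, which is the residual leak Mitar points to (knowing a MAC is on the network is not prevented by hiding hops). One practical caveat: a host firewall rule dropping ICMP type 11 only affects the IP-layer traceroute; batman-adv's own traceroute uses batman-adv's packet type handled inside the kernel module, not IP, which is why hiding those hops needs the batman-adv change Marc proposes.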