[Coral-dev] Are hardware adresses anonymized?
David Rosal
david.rosal at upf.edu
Wed May 17 01:57:43 PDT 2006
David Moore wrote:
> David Rosal <david.rosal at upf.edu> writes:
>
>>When using anonymization with CryptoPan, IPv4 addresses are
>>prefix-preserving anonymized. But what about hardware IDs like
>>the Ethernet addresses? Are they left untouched?
>
>
> Ethernet addresses aren't currently anonymized. Typically we capture on
> links between routers so you only see 2 mac addresses or if on a span
> port, don't care about anonymization.
You're right. It would have little sense to anonymize HW address
in the layer 2 headers.
> (...)
>
> You would also want to discard arp and rarp packets, since they'll leak
> ethernet addresses at a higher layer. Easiest way to do this is:
> -Cfilter='!arp and !rarp' on any coral application.
But I need to capture *all* the packets, even arp and rarp.
So there's a privacy issue regarding HW addresses carries by arp
and rarp packets at higher levels.
For me it would be sufficient to simply clear them out, but I
guess this feature is not currently available in libcoral, right?
*David
More information about the Coral-dev
mailing list