Internet security question.

hedrick at topaz.UUCP hedrick at topaz.UUCP
Sat Mar 14 16:04:30 AEST 1987 

brian at ukma.ms.uky.csnet (Brian Sturgill) asked what is to prevent
users from outside his university from pretending to be one of his own
computers, and thus taking advantage of .rhosts or hosts.equiv notions
of "trustedness".  Ethernets and TCP/IP as usually used in
universities are far from secure.  But this particular danger is not
one of its problems.  Most uses of TCP/IP involve a bidirectional
conversation.  In many protocols, there is an exchange of information.
But even if the actual data passes in only one direction, opening the
connection and maintaining it require packets to pass both ways.
There are a few protocols for which this is not the case, but as far
as I can recall, none of them use hosts.equiv.  Anyway, the point is
that any reasonable gateway will protect you against people from the
outside pretending to be one of your hosts.  Suppose somebody sends a
packet to your gateway, with a source address pretending to be one of
your own machines.  The gateway will probably pass it on to the
destination, and the destination will be deceived.  But when the
destination tries to reply, it will reply to the purported address.
That will be an address on your own campus.  This packet will be
delivered to your own machine.  Should this reply get to your gateway,
your gateway will not send it off-campus, since the reply is addressed
to one of your own machines.  Thus no conversation will be established
with the intrudeer.  Of course this is *not* true of other machines on
your campus.  A machine on the same Ethernet can pretend to be some
other machine, though in many cases error messages will start showing
up on the console of the machine being imitated.

All of this assumes that the connection between your campus and the
outside will be a real IP gateway, e.g. a synchronous line between one
of your VAXes and a similar machine on another campus, using the
normal Unix gateway software.  Or even better, you might use a
commercial IP gateway such as those produced by Cisco or Proteon.
However if your connection uses a bridge such as the DEC LANbridge, or
the Translan, then logically your Ethernet and the other guy's
Ethernet are the same.  This raises both security and reliability
issues.  In my opinion, you have to be crazy to use a bridge (as
opposed to an IP gateway) between networks for which different groups
are responsible.



As far as I know, all services that use
hosts.equiv

More information about the Comp.unix.wizards mailing list