Path: utzoo!utgpu!watserv1!watmath!att!occrsh!uokmax!munnari.oz.au!uhccux!ames!ucsd!rutgers!mcnc!decvax.dec.com!ima!minya!jc
From: jc@minya.UUCP (John Chambers)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Dial up access to Internet facilities
Message-ID: <390@minya.UUCP>
Date: 3 Jun 90 22:32:13 GMT
Lines: 33

> CSNET did this some time ago with MMDF2b.  Some of the dial-up sites run
> a script every night which brings up the dial-up line, and then opens
> a connection to a port on relay.cs.net and tells it to start delivering
> mail to the site.  The application at that connection starts up the
> appropriate MMDF channel (mmdf can have multiple SMTP delivery channels,
> where a channel typically has messages destined for a particular site),
> which delivers the mail to the site.  [Note there's no security problem
> here -- anyone can start up the channel, but the channel will only deliver
> to the proper remote system(s)]

How so?  What's to prevent me from running a script of the form:

	for h in foo bar bax glorph `hostname`
	do	hostname $h
		<<Connect to your machine and exchange mail>>
	done

Is there some mechanism for detecting such spoofing?  The only way I can 
think of is by noting info at the link level (Ethernet address, phone number, 
or some such) and comparing, but on most systems, this info isn't available 
to application-level processes.  For instance, how does a process started
from a modem login discover the caller's phone number?  UUCP uses callback 
(if you can figure out how to make it work ;-), but I didn't see any mention 
of that.  What am I missing?

(Yeah, I know I'll also have to run ifconfig for this to work across the
internet.  That's part of the <<code>; give me credit for some smarts! :-)

-- 
John Chambers ...!{harvard,ima,mit-eddie}!minya!jc
--
If you're not part of the solution, you're part of the precipitate.
[Kiel oni ^ci tiun diras esperante?]