Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site ucbvax.BERKELEY.EDU
Path: utzoo!decvax!ucbvax!SIERRA.STANFORD.EDU!GROSSMAN
From: GROSSMAN@SIERRA.STANFORD.EDU (Stu Grossman)
Newsgroups: mod.protocols.tcp-ip
Subject: Re: SMTP, 2600, and the security of mail
Message-ID: <12243434761.41.GROSSMAN@Sierra.Stanford.EDU>
Date: Wed, 1-Oct-86 19:55:50 EDT
Article-I.D.: Sierra.12243434761.41.GROSSMAN
Posted: Wed Oct  1 19:55:50 1986
Date-Received: Fri, 3-Oct-86 08:10:17 EDT
References: <SRA.12243390211.BABYL@XX.LCS.MIT.EDU>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 13
Approved: tcp-ip@sri-nic.arpa

> You could (marginally) ...

That's why I said "marginally".  Yes, LPD has this problem, but it's not
so simple.  LPD can be told to accept print requests only from certain hosts.
So now you have to:
        1) successfully imitate another host, and
        2) declare yourself as the appropriate port type
So that you can send bogus print requests to an lpd.

Yes, the 'privileged' port number stuff in LPD is quite naive.  However,
as long as point 1 (above) is quite difficult to do, LPD can be pretty
safe from bogus print requests.
-------