Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!rutgers!topaz!hedrick
From: hedrick@topaz.UUCP
Newsgroups: comp.unix.wizards
Subject: Re: Internet security question.
Message-ID: <10101@topaz.RUTGERS.EDU>
Date: Sat, 14-Mar-87 01:04:30 EST
Article-I.D.: topaz.10101
Posted: Sat Mar 14 01:04:30 1987
Date-Received: Sat, 14-Mar-87 14:40:19 EST
References: <6058@ukmf.ukma.ms.uky.csnet>
Organization: Rutgers Univ., New Brunswick, N.J.
Lines: 42

brian@ukma.ms.uky.csnet (Brian Sturgill) asked what is to prevent users from outside his university from pretending to be one of his own computers, and thus taking advantage of .rhosts or hosts.equiv notions of "trustedness".

Ethernets and TCP/IP as usually used in universities are far from secure. But this particular danger is not one of its problems. Most uses of TCP/IP involve a bidirectional conversation. In many protocols, there is an exchange of information. But even if the actual data passes in only one direction, opening the connection and maintaining it require packets to pass both ways. There are a few protocols for which this is not the case, but as far as I can recall, none of them use hosts.equiv.

Anyway, the point is that any reasonable gateway will protect you against people from the outside pretending to be one of your hosts. Suppose somebody sends a packet to your gateway, with a source address pretending to be one of your own machines. The gateway will probably pass it on to the destination, and the destination will be deceived. But when the destination tries to reply, it will reply to the purported address. That will be an address on your own campus. This packet will be delivered to your own machine. Should this reply get to your gateway, your gateway will not send it off-campus, since the reply is addressed to one of your own machines. Thus no conversation will be established with the intruder.

Of course this is *not* true of other machines on your campus. A machine on the same Ethernet can pretend to be some other machine, though in many cases error messages will start showing up on the console of the machine being imitated.

All of this assumes that the connection between your campus and the outside will be a real IP gateway, e.g. a synchronous line between one of your VAXes and a similar machine on another campus, using the normal Unix gateway software. Or even better, you might use a commercial IP gateway such as those produced by Cisco or Proteon. However if your connection uses a bridge such as the DEC LANbridge, or the Translan, then logically your Ethernet and the other guy's Ethernet are the same. This raises both security and reliability issues. In my opinion, you have to be crazy to use a bridge (as opposed to an IP gateway) between networks for which different groups are responsible.

As far as I know, all services that use hosts.equiv
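The routing argument in the post, as an added model that is not part of the original article: an IP gateway forwards on destination address, so the reply to a forged campus source stays on campus, while a bridge joins both Ethernets at the link layer and exposes the reply. The campus prefix is a constructed value, and the ingress check is an added defensive measure the post does not describe.

```python
from ipaddress import ip_address, ip_network

# Constructed campus prefix for the model; the post names no addresses.
CAMPUS = ip_network("128.6.0.0/16")

def gateway_egress(dst: str) -> str:
    """An IP gateway routes purely on destination: campus addresses are
    delivered on campus, anything else goes out the serial line."""
    return "campus" if ip_address(dst) in CAMPUS else "outside"

def bridge_egress(dst: str) -> str:
    """A bridge (LANbridge, Translan) forwards Ethernet frames, not IP
    datagrams, so both sides are one logical network and see the reply."""
    return "both"

def ingress_filter(src: str, arrived_from: str) -> bool:
    """Added anti-spoofing check: a packet arriving from outside must not
    claim a campus source address. Returns True if the packet is accepted."""
    return not (arrived_from == "outside" and ip_address(src) in CAMPUS)

def spoof_outcome(device: str, claimed_src: str, target: str,
                  filter_ingress: bool = False) -> str:
    """Simulate an outsider sending one packet to `target` with source
    `claimed_src`. The target trusts the address (hosts.equiv style) and
    replies to it; the result says whether the outsider ever sees the reply,
    which is what a TCP connection, and so an rsh session, would need."""
    egress = {"gateway": gateway_egress, "bridge": bridge_egress}[device]
    if filter_ingress and device == "gateway":
        if not ingress_filter(claimed_src, "outside"):
            return "dropped at gateway"
    # The deceived target answers the purported address, not the real sender.
    where = egress(claimed_src)
    if where in ("outside", "both"):
        return "reply visible outside"
    return "reply stays on campus"

if __name__ == "__main__":
    for dev in ("gateway", "bridge"):
        print(dev, spoof_outcome(dev, "128.6.4.2", "128.6.5.1"))
    print("filtered", spoof_outcome("gateway", "128.6.4.2", "128.6.5.1",
                                    filter_ingress=True))
```

An honest outside source address still gets its reply through the gateway, which is the normal bidirectional case the post describes.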