Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!rutgers!ames!ucbcad!ucbvax!EMORY.ARPA!km
From: km@EMORY.ARPA.UUCP
Newsgroups: mod.protocols.tcp-ip
Subject: Ethernet Security
Message-ID: <8702151925.AA02456@emory.eu>
Date: Sun, 15-Feb-87 14:25:30 EST
Article-I.D.: emory.8702151925.AA02456
Posted: Sun Feb 15 14:25:30 1987
Date-Received: Mon, 16-Feb-87 01:48:40 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 14
Approved: tcp-ip@sri-nic.arpa

How difficult is it to do ethernet address impersonation without
hardware (including eprom) modification in commonly available
workstations? For example, we have: Sun 3's, Microvaxen, 3B2s,
3B1's, and IBM PCs with 3-COM cards. On which of these could
the Super user (or any user on the PC), alter his ethernet address
in software without taking the box apart?

I realize this is one tiny aspect of security, but it is one our
administration has seized upon. It turns out our departmental
ethernets are linked with filtered bridges, which have a naive
filtering criteria. If they have ever seen an ethernet packet with
a given source address on an ethernet, they will from then on
pass all packets with that destination address accross the
bridge to that ethernet.