Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!rutgers!ames!ucbcad!ucbvax!MCMASTER.BITNET!BEAME
From: BEAME@MCMASTER.BITNET.UUCP
Newsgroups: mod.protocols.tcp-ip
Subject: re:Ethernet Security
Message-ID: <8702160415.AA07101@ucbvax.Berkeley.EDU>
Date: Sun, 15-Feb-87 22:42:00 EST
Article-I.D.: ucbvax.8702160415.AA07101
Posted: Sun Feb 15 22:42:00 1987
Date-Received: Mon, 16-Feb-87 06:59:03 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 29
Approved: tcp-ip@sri-nic.arpa

> How easy is it to impersinate another ethernet address on a ...
 
On an IBM-PC with 3-Com card, all one has to do to impersonate an ethernet
address is to output the desired address to an I/O port on the card and you
have become that address.
 
If you have Micro-Vaxen running VMS and NO other network activity is being
used such as DECNET, then with privilege you can become any ethernet address.
 
I wanted to say the following when the "security messages" were flying, but
I just didn't get around to it.
 
Well here goes : The only method of making ethernet "Semi-secure" is to encrypt
the data packets. But the question of what method of encryption is
appropriate and feasable seems to bog down the incorporation of encryption
into protcols like TCP/IP.
 
 Why can't a range of encryption methods be used, from XOR's to DES, and
make an IP option which indicates the "highest level" that an
implementation supports. The option also could be used to indicate the desired
security level and the level that is obtainable with the current connection.
 
 This way PC/IP's can implement low level encryption and still be
compatible with more sophisticated implementions.
 
Carl Beame
BEAME@MCMASTER.BITNET