Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!hao!ames!ucbcad!ucbvax!AI.AI.MIT.EDU!JBVB
From: JBVB@AI.AI.MIT.EDU ("James B. VanBokkelen")
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Ethernet Bridge
Message-ID: <281795.871108.JBVB@AI.AI.MIT.EDU>
Date: Sun, 8-Nov-87 17:00:41 EST
Article-I.D.: AI.281795.871108.JBVB
Posted: Sun Nov 8 17:00:41 1987
Date-Received: Sun, 15-Nov-87 06:19:14 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 24

    ... Now, what I'm gonna do is put a permanent entry in Elsie's ARP
    cache with Bossie's IP number and ethernet address.

    Well, I reckon you can get a packet to Elsie that she'll think came
    from Bossie, but I'd like to know how you're going to see the packets
    coming from Elsie destined for Bossie.

    Eric Norman

I haven't yet encountered an Ethernet interface that didn't allow you to
program its hardware address at initialization time. DECnet relies on
this to get by without ARP. With some software (ours, for instance), you
must patch (or use a PROM burner) to change the Ether address, but a lot of
other packages offer it as a configuration option, so don't count on a
pre-loaded ARP cache to protect security where hosts are "equivalent".

I'm not a big-time NFS hacker, but I've been told that in an environment
where users can re-boot (or power cycle) their workstations and bring them
up single-user, any file that is accessible by anyone over the network
should be assumed to be accessible by everyone.

James B. VanBokkelen
FTP Software Inc.