Path: utzoo!yunexus!ists!eric
From: eric@ists.ists.ca (Eric M. Carroll)
Newsgroups: comp.protocols.tcp-ip
Subject: IP based authentication of hosts
Keywords: IP authentication
Message-ID: <376@ists.ists.ca>
Date: 9 Apr 89 22:34:35 GMT
Article-I.D.: ists.376
Reply-To: eric@ists.ists.ca (Eric M. Carroll)
Organization: Institute for Space and Terrestrial Science
Lines: 20

While pondering the vulnerabilities that we are about to expose
ourselves to when we connect up to the Internet, I have been left with
some questions about the believability of IP addresses.

Namely, most bsd/sunOs authentication is done on the basis of host name
(ie ip address) then (sometimes) uid. UID authentication is clearly 
meaningless. But given a packet coming in to my machine with a forged IP
source address, what are the chances of an attacker actually
establishing a real tcp connection? What UDP based services would *not*
require a response to work (ie what could he do blind)? What conditions 
would be required to allow the attacker to sucessfully represent themselves
as another host?

A first cut look at the problem suggests that in the world of routers,
forged IP address can be delivered to the target but responses don't
get returned to the attacker. A one-way connection. Looks useless at
first glance.

Any comments or paper references would be appreciated. Email to me, 
and I will summarize. Thanks.