Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!ucbvax!ulysses!smb
From: smb@ulysses.homer.nj.att.com (Steven M. Bellovin)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: IP based authentication of hosts
Message-ID: <11428@ulysses.homer.nj.att.com>
Date: 12 Apr 89 18:55:21 GMT
References: <376@ists.ists.ca> <29416@bu-cs.BU.EDU>
Organization: AT&T Bell Laboratories, Murray Hill
Lines: 14

Using IP source addresses for authentication doesn't work. In fact, I just finished a paper which has that as one of its major subthemes; it will appear in the April 1989 issue of ``Computer Communication Review''. There are many attacks possible on hosts which believe such addresses, and Chuck Hedrick is absolutely correct that one need not hear responses to a TCP connection request to do harm; details are in the paper. (Note: I didn't invent that attack, though I did generalize it a bit.)

In the very near future, we're going to have to use encryption-based authentication; it's the *only* way.

		--Steve Bellovin
		smb@ulysses.att.com
		att!ulysses!smb
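An added illustration of the contrast drawn above, not code from the post or the paper it mentions: an address-based check accepts any packet whose claimed source is on the trusted list, whereas a keyed challenge-response (one way to do the cryptographic authentication the post calls for) requires possession of a per-host key and a fresh nonce, so a response cannot be reused. The host address, key and packet fields are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed example: 192.0.2.x is a documentation address range; the
# key is a placeholder for a real pre-shared secret with that peer.
KEYS = {"192.0.2.10": b"example-pre-shared-secret"}


def address_based_accept(packet):
    """rhosts-style check: trusts whatever source address the packet claims."""
    return packet["src"] in KEYS


class ChallengeServer:
    """Keyed challenge-response: the peer proves key possession per session."""

    def __init__(self, keys):
        self.keys = keys
        self.outstanding = {}  # nonce -> claimed src; each nonce is single-use

    def challenge(self, packet):
        nonce = os.urandom(16)
        self.outstanding[nonce] = packet["src"]
        return nonce

    def verify(self, packet):
        # Unknown or already-consumed nonce: reject (defeats replay).
        if self.outstanding.pop(packet["nonce"], None) != packet["src"]:
            return False
        key = self.keys.get(packet["src"])
        if key is None:
            return False
        expected = hmac.new(key, packet["nonce"] + packet["src"].encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, packet["mac"])


def respond(key, src, nonce):
    """Builds the peer's answer to a challenge with the key it holds."""
    mac = hmac.new(key, nonce + src.encode(), hashlib.sha256).digest()
    return {"src": src, "nonce": nonce, "mac": mac}


def demo():
    """Returns (address check passes on a bare claim, valid reply ok, replay ok, wrong-key ok)."""
    claimed = {"src": "192.0.2.10"}  # only the claimed address is examined
    srv = ChallengeServer(KEYS)
    reply = respond(KEYS["192.0.2.10"], "192.0.2.10", srv.challenge(claimed))
    first, replay = srv.verify(reply), srv.verify(reply)
    wrong = respond(b"not-the-key", "192.0.2.10", srv.challenge(claimed))
    return address_based_accept(claimed), first, replay, srv.verify(wrong)
```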