Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!purdue!decwrl!sgi!vjs@rhyolite.SGI.COM
From: vjs@rhyolite.SGI.COM (Vernon Schryver)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: IP based authentication of hosts
Summary: standard tools work too
Message-ID: <30716@sgi.SGI.COM>
Date: 14 Apr 89 17:45:49 GMT
References: <376@ists.ists.ca> <29416@bu-cs.BU.EDU> <710@scaup.cl.cam.ac.uk>
Sender: daemon@sgi.SGI.COM
Organization: Silicon Graphics, Inc., Mountain View, CA
Lines: 18

In article <710@scaup.cl.cam.ac.uk>, scc@cl.cam.ac.uk (Stephen Crawley) writes:
> Kent England writes:
> > My secure subnet might be a delni in a locked equipment rack.
> 
> Do the physically secure machines on the LAN run a secure OS?  If not, 
> what is to stop JR Hacker from indulging in a bit of unauthorised spade 
> work on the OS kernel to give himself access to ethernet packets?  

Why dig up the kernel?  More than one workstation vendor provides standard
tools to send and receive arbitrary ethernet packets.  Remember nit,
tcpdump, and etherfind from one of those vendors.  Others have what they
consider better.  Many paying customers think they require raw ether for
real applications (i.e. something they'll pay for).


Vernon Schryver
Silicon Graphics
vjs@sgi.com