Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!tut.cis.ohio-state.edu!att!dptg!ulysses!ucbvax!VAX.FTP.COM!jbvb
From: jbvb@VAX.FTP.COM (James Van Bokkelen)
Newsgroups: comp.protocols.tcp-ip.ibmpc
Subject: Re: Rarp, anyone?
Message-ID: <9002221437.AA11700@vax.ftp.com>
Date: 22 Feb 90 14:37:30 GMT
References: <9002210220.AA01272@sanj>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 14

I strongly suggest that you reconsider creating a situation where "...our
internal security and auditing procedures..." depend on management control
of IP addresses used by PCs. All of the freeware and commercial TCP/IP
packages allow the users to set the IP address as they please. If you leave
it out of your in-house documentation and don't distribute the complete
package you're just laying yourself open to someone who figures out how
to use FTP. Even if you hack the source, you still have a lot of people
who know how to use DEBUG.COM...

.rhosts files and /etc/hosts.equiv are *dangerous* to depend on for security.

James B. VanBokkelen    26 Princess St., Wakefield, MA 01880
FTP Software Inc.       voice: (617) 246-0900 fax: (617) 246-0901