Subject: Re: identd with NAT and IPv6 support.
To: Jim Wise <jwise@draga.com>
From: Henry B. Hotz <hotz@jpl.nasa.gov>
List: current-users
Date: 04/02/2002 15:35:22
At 3:14 PM -0500 4/2/02, Jim Wise wrote:
>On Tue, 2 Apr 2002, Henry B. Hotz wrote:
> >I've always considered that if I couldn't trust the machine I was
>>running on then I was pretty much hosed anyway. CFS doesn't prevent
>>root from seeing your data files, nor Kerberos prevent root from
>>impersonating you.
>
>Fine. Than since you trust `the machine', I assume you use .rhosts all
>over the place? IP addresses are not hard to forge...
Ignoring the perhaps-unintentionally insulting tone of the last
response I will note that it's a lot harder to forge source==dest
packets from outside the machine in question than from inside it.
--
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu