Subject: Re: identd with NAT and IPv6 support.
To: Jim Wise <jwise@draga.com>
From: Matt Doughty <mdoughty@japan.ea.com>
List: netbsd-users
Date: 04/03/2002 08:10:27
> 
> >I've always considered that if I couldn't trust the machine I was
> >running on then I was pretty much hosed anyway.  CFS doesn't prevent
> >root from seeing your data files, nor Kerberos prevent root from
> >impersonating you.
> 
> Fine.  Than since you trust `the machine', I assume you use .rhosts all
> over the place?  IP addresses are not hard to forge...
> 

He was talking about users on the same host.  Its trivial and proper to
block packets from the network with 127.0.0.0/8 or the machines own ip
addr.  I don't care for Ident in general, but that doesn't mean it has
no uses at all. 

--Matt  
-- 
"Take away them collisions and the common channel and it's like Christianity 
 without Christ." -Jim Breen (speaking about "full-duplex" Ethernet)