Subject: Re: inetd.conf defaults
To: NetBSD Networking Technical Discussion List <tech-net@NetBSD.ORG>
From: James R Grinter <jrg@blodwen.demon.co.uk>
List: tech-net
Date: 05/31/2000 23:20:23

woods@weird.com (Greg A. Woods) writes:
> I.e. the threat of sniffing is much much greater, especially inside a
> LAN segment, even a switched one, than is the risk of someone performing
> a TCP connection theft attack.  It is much much higher than the risk of

(If someone is in a position to sniff, then they can spoof very
easily. There's even code out there to do the hard work for them.)

I'd suggest also leaving inetd switched off in the default boot
configs, so that someone does have to go to the trouble of turning it
on (in fact, leave switched off just about everything that listens for
and accepts connections - portmapper and assorted rpc servers,
sendmail, etc.)

James.
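
Added example, not part of the original message: a small audit that lists which entries in an inetd.conf would actually accept connections if inetd were switched on, assuming the standard field layout (service, socket type, protocol, wait, user, program). The sample configuration is constructed for illustration and the function names are hypothetical.

```shell
# Constructed sample input, not taken from any real system.
sample_inetd_conf() {
cat <<'EOF'
# Internet server configuration database (constructed sample)
ftp		stream	tcp	nowait	root	/usr/libexec/ftpd	ftpd -ll
telnet		stream	tcp	nowait	root	/usr/libexec/telnetd	telnetd
#shell		stream	tcp	nowait	root	/usr/libexec/rshd	rshd -L
finger		stream	tcp	nowait	nobody	/usr/libexec/fingerd	fingerd
daytime		stream	tcp	nowait	root	internal
  # an indented comment is still a comment
rstatd/1-3	dgram	rpc/udp	wait	root	/usr/libexec/rpc.rstatd	rpc.rstatd
EOF
}

# enabled_services [FILE]: print "service proto user program" for every
# active entry. Reads stdin when no file is given.
enabled_services() {
    awk '
        /^[[:space:]]*#/ { next }   # comment or disabled entry
        NF < 6           { next }   # blank or malformed line
        { print $1, $3, $5, $6 }
    ' "$@"
}

# count_enabled [FILE]: number of active entries; 0 means nothing is
# offered through inetd even if the daemon itself gets started.
count_enabled() {
    enabled_services "$@" | wc -l | tr -d ' '
}

# root_services [FILE]: active entries that run as root, the ones to
# review first (a "root:group" or "root.group" user field also matches).
root_services() {
    enabled_services "$@" | awk '{ sub(/[:.].*/, "", $3) } $3 == "root" { print $1 }'
}

# Stand-alone demonstration on the constructed sample.
sample_inetd_conf | enabled_services
echo "active entries: $(sample_inetd_conf | count_enabled)"
```

On a real host, pass the path to the installed inetd.conf as the argument instead of piping in the sample.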