Subject: Re: automatic login
To: NetBSD User's Discussion List <netbsd-users@NetBSD.ORG>
From: Greg A. Woods <woods@weird.com>
List: netbsd-users
Date: 07/04/2002 13:35:39
[ On Thursday, July 4, 2002 at 16:25:27 (+0200), Wojciech Puchar wrote: ]
> Subject: Re: automatic login
>
> > Needless to say the source of the program (written to see if we'd
> > got promiscuous mode working properly) was quickly deleted.
> >
> > Of course these days network sniffing software is MUCH more common.
> >
> > OTOH if I get my sun 3/60 working ssh is a little OTT for it.
> > rlogin (with .rhosts) requires DNS spoofing - generally tougher
> > than network sniffing.
> 
> if IP numbers are entered DNS spoofing is not a problem

it's not that simple -- especially not if ~/.rhosts contains only names :-)

DNS spoofing requires either: a) the resolver for the server to be
mis-configured or to be buggy; and/or b) the DNS zones for the clients
to be hosted on an insecure server.

Unless you can exploit a bug in _my_ authoritative nameserver(s), you
will not be able to spoof any DNS replies related to any of the names
trusted in my ~/.rhosts files.

(i.e. the safest possible use of rsh requires that the nameserver
queried by the rshd host be authoritative (e.g. be a blind DNS slave) for
all the zones that will be queried to authorize a given client)

(You'll also have a lot harder time doing any TCP level tricks through
my firewall since it rejects all spoofed packets too and I only trust
hosts for rsh access within my own private physical network, not
including the firewall itself of course.)

(of course both rsh with ~/.rhosts and ssh with ~/.shosts require that
the server trust the client's OS kernel not to lie about the user-id
being authenticated -- i.e. these mechanisms transfer the authentication
and initial client authorization responsibilities to the client host)

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
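
[ Added example, not part of the original message or of any NetBSD code: a small audit of a ~/.rhosts file that separates entries given as names (whose trust rests on the DNS conditions discussed above) from numeric addresses and wildcards. It assumes the usual BSD entry syntax ("host [user]", "+" wildcards, "+@netgroup", a leading "-" for deny); the sample hosts and users are constructed. ]

```python
import ipaddress

# Constructed sample ~/.rhosts content (hypothetical hosts and users).
SAMPLE_RHOSTS = """\
# trusted build hosts
alpha.example.org woods
192.0.2.10 woods
+ woods
beta.example.org +
+@admins
-gamma.example.org
"""

def classify_host(field):
    """Return the trust category for the host field of one .rhosts entry."""
    if field.startswith("-"):
        return "deny"                      # negative entry, grants nothing
    if field == "+":
        return "wildcard-host"             # every client host is trusted
    if field.startswith("+@"):
        return "netgroup"                  # trust delegated to netgroup data
    try:
        ipaddress.ip_address(field)
        return "ip-literal"                # numeric address, no name in the entry
    except ValueError:
        return "dns-name"                  # trust depends on name resolution

def audit_rhosts(text):
    """Parse .rhosts text; return (lineno, host, user, category) per entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                       # skip blank and comment lines
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        category = classify_host(host)
        if user == "+" and category != "deny":
            category += "+wildcard-user"   # any remote user name is accepted
        findings.append((lineno, host, user, category))
    return findings

if __name__ == "__main__":
    for lineno, host, user, category in audit_rhosts(SAMPLE_RHOSTS):
        print(f"line {lineno}: {host} {user or ''} -> {category}")
```
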