Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!csd4.csd.uwm.edu!cs.utexas.edu!usc!ginosko!xanth!mcnc!decvax!testmax.ZK3.DEC.COM!evans
From: evans@testmax.ZK3.DEC.COM (Marc Evans Ultrix Q/A)
Newsgroups: comp.unix.wizards
Subject: Re: Unix network security (was "CERT Internet Security Advisory")
Message-ID: <5491@decvax.dec.com>
Date: 18 Aug 89 11:34:48 GMT
References: <3942@phri.UUCP> <3855@fy.sei.cmu.edu> <1064@accuvax.nwu.edu>
Sender: news@decvax.dec.com
Lines: 19
Re: Unix network security (was "CERT Interne  roy@phri.UUCP

> check the hostname against a list of "allowed" hosts?

Chances are that if I were smart enough to modify something like telnet to
trace lognames/passwords, it wouldn't be too hard for me to also know what
the hostnames are that were communicating. I could also probably know the
internet address and maybe even the hardware address. Assuming that I can
get this information, then it probably isn't too hard for me to set up my
host to mimic the environment used by the authorized user(s).

I am not trying to say that the idea isn't a bad one. It would probably
make it more difficult for people to gain unauthorized access. What I am
saying is that you will probably never remove all possible access means
as long as machines are networked together, and people have access to
either the console or the superuser's account at some point in time.

==========================================================================
Marc Evans - WB1GRH - evans@decvax.DEC.COM  | Synergytics    (603)893-8481
     Unix/X-window Software Contractor      | 3 Koper Ln, Pelham, NH 03076
==========================================================================