Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!csd4.csd.uwm.edu!cs.utexas.edu!usc!ginosko!xanth!mcnc!decvax!testmax.ZK3.DEC.COM!evans From: evans@testmax.ZK3.DEC.COM (Marc Evans Ultrix Q/A) Newsgroups: comp.unix.wizards Subject: Re: Unix network security (was "CERT Internet Security Advisory") Message-ID: <5491@decvax.dec.com> Date: 18 Aug 89 11:34:48 GMT References: <3942@phri.UUCP> <3855@fy.sei.cmu.edu> <1064@accuvax.nwu.edu> Sender: news@decvax.dec.com Lines: 19 Re: Unix network security (was "CERT Interne roy@phri.UUCP > check the hostname against a list of "allowed" hosts? Chances are that if I were smart enough to modify something like telnet to trace lognames/passwords, it wouldn't be too hard for me to also know what the hostnames are, that were communicating. I could also probably know the internet address and maybe even the hardware address. Assuming that I can get this information, then it probably isn't too hard for me to set up my host to mimic the environment used by the authorized user(s). I am not trying to say that the idea isn't a bad one. It would probably make it more difficult for people to gain unauthorized access. What I am saying is that you will probably never remove all possible access means as long as machines are networked together, and people have access to either the console or the super users account at some point in time. ========================================================================== Marc Evans - WB1GRH - evans@decvax.DEC.COM | Synergytics (603)893-8481 Unix/X-window Software Contractor | 3 Koper Ln, Pelham, NH 03076 ==========================================================================