that there dogma box

Ceri Storey cez at pkl.net
Wed Aug 1 16:30:29 BST 2001


On Wed, Aug 01, 2001 at 03:15:36PM +0100, Ian Pallfreeman wrote:
> I'm aware that people think using rsh/rlogin with a .rhosts is insecure, but
> have never been able to figure out why. I suspect it's something to do with
> IP address spoofing, but naively think this isn't going to be possible if the 
> only addresses I put into .rhosts are permanently online. Anyone want to burst
> my bubble?

Well, I'll have a go ;)
The problem with rsh / rlogin is that it's only as secure as the
intermediary networks. I.e., any machine along the route your connection
takes can be used to spoof connections, even if the machine being
spoofed is already up. Tools like ettercap, hunt etc. make this *very*
easy to do.

Also, if you use symbolic names in the .rhosts file, as opposed to
numeric ip addresses, then it's possible for the person with control of
the reverse mappings for the source ip range to have that ip resolve to
an arbitrary name. Although this is only effective if you don't use
double reverse lookups (i.e., check the forward address of the result of
the reverse lookup). 

-- 
Ceri Storey <cez at pkl.net> http://pkl.net/~cez/
vi(1)! qmail(7)! pie(5)!
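
The double reverse lookup mentioned in the message above, as an added example that is not part of the original post. It compares a reverse-only hostname check with one that also confirms the forward address. The function names, the `example.org` host and the documentation-range addresses are constructed for illustration, and the resolver is passed in so the sample runs offline.

```python
import socket

def real_reverse(ip):
    """PTR lookup via the system resolver."""
    return socket.gethostbyaddr(ip)[0]

def real_forward(name):
    """Forward (A/AAAA) lookup via the system resolver."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

def norm(name):
    return name.rstrip(".").lower()

def reverse_only_match(ip, trusted_names, reverse=real_reverse):
    """Weak check: trust whatever name the PTR record claims."""
    try:
        return norm(reverse(ip)) in {norm(n) for n in trusted_names}
    except OSError:          # herror/gaierror are OSError subclasses
        return False

def double_reverse_match(ip, trusted_names, reverse=real_reverse, forward=real_forward):
    """PTR name must be trusted AND its forward records must include ip."""
    try:
        name = norm(reverse(ip))
        if name not in {norm(n) for n in trusted_names}:
            return False
        return ip in forward(name)
    except OSError:
        return False

# Constructed sample data: two reverse zones and one forward zone.
PTR = {"192.0.2.10": "trusted.example.org",      # the genuine host
       "203.0.113.66": "trusted.example.org."}   # set by whoever runs that reverse zone
A = {"trusted.example.org": {"192.0.2.10"}}      # forward zone, run by the real owner

def fake_reverse(ip):
    if ip not in PTR:
        raise OSError("no PTR record")
    return PTR[ip]

def fake_forward(name):
    if name not in A:
        raise OSError("no address record")
    return A[name]

if __name__ == "__main__":
    for ip in PTR:
        print(ip, reverse_only_match(ip, ["trusted.example.org"], fake_reverse),
              double_reverse_match(ip, ["trusted.example.org"], fake_reverse, fake_forward))
```

This check only covers the hostname case from the second paragraph of the message; it does nothing about spoofing by a machine on the route between the two hosts.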



