that there dogma box

Josef Karthauser joe at tao.org.uk
Wed Aug 1 18:56:31 BST 2001


--ctP54qlpMx3WjD+/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Aug 01, 2001 at 03:15:36PM +0100, Ian Pallfreeman wrote:
> I've just rebooted dogma since there was no way else to get into it. I do=
n't
> have the root password, or indeed my own password, and rely on rsh/rlogin=
 to
> get in (and to do backups), and they'd been commented out of inetd.conf. =
I've
> added them back, disabled telnet, then re-enabled it now I think it's saf=
e.
>=20
> I'm aware that people think using rsh/rlogin with a .rhosts is insecure, =
but
> have never been able to figure out why. I suspect it's something to do wi=
th
> IP address spoofing, but naively think this isn't going to be possible if=
 the=20
> only addresses I put into .rhosts are permanently online. Anyone want to =
burst
> my bubble?

It's insecure because it's possible for someone to forge their source ip
address under certain circumstances.  For instance can you prove that
your ISP hasn't been broken into and their routing table violated?

Joe

--ctP54qlpMx3WjD+/
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjtoQs4ACgkQXVIcjOaxUBZngQCfTYl5Cwu5sO/vSBI7OvscaryJ
4NkAn09K1HqSCgOZdYSmp1KUE1qtH90j
=eUp5
-----END PGP SIGNATURE-----

--ctP54qlpMx3WjD+/--




More information about the Ukfreebsd mailing list