Subject: Re: identd with NAT and IPv6 support.
To: Jim Wise <jwise@draga.com>
From: Matt Doughty <mdoughty@japan.ea.com>
List: tech-net
Date: 04/03/2002 08:10:27
>
> >I've always considered that if I couldn't trust the machine I was
> >running on then I was pretty much hosed anyway. CFS doesn't prevent
> >root from seeing your data files, nor Kerberos prevent root from
> >impersonating you.
>
> Fine. Than since you trust `the machine', I assume you use .rhosts all
> over the place? IP addresses are not hard to forge...
>
He was talking about users on the same host. Its trivial and proper to
block packets from the network with 127.0.0.0/8 or the machines own ip
addr. I don't care for Ident in general, but that doesn't mean it has
no uses at all.
--Matt
--
"Take away them collisions and the common channel and it's like Christianity
without Christ." -Jim Breen (speaking about "full-duplex" Ethernet)