From owner-freebsd-security Wed Jan 19 22:52:26 2000
Delivered-To: freebsd-security@freebsd.org
Received: from foobar.franken.de (foobar.franken.de [194.94.249.81])
	by hub.freebsd.org (Postfix) with ESMTP id 4DED215369
	for ; Wed, 19 Jan 2000 22:52:23 -0800 (PST)
	(envelope-from logix@foobar.franken.de)
Received: (from logix@localhost)
	by foobar.franken.de (8.8.8/8.8.5) id HAA03775;
	Thu, 20 Jan 2000 07:51:52 +0100 (CET)
Message-ID: <20000120075151.A3515@foobar.franken.de>
Date: Thu, 20 Jan 2000 07:51:51 +0100
From: Harold Gutch
To: sen_ml@eccosys.com, freebsd-security@FreeBSD.ORG
Subject: Re: ssh-feature 'backdoor'
References: <20000119155203.C8404@is.co.za> <20000119154348.A6412@supra.rotterdam.luna.net> <20000119165350.E8404@is.co.za> <20000120001840W.1000@eccosys.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <20000120001840W.1000@eccosys.com>; from sen_ml@eccosys.com on Thu, Jan 20, 2000 at 12:18:40AM +0900
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Jan 20, 2000 at 12:18:40AM +0900, sen_ml@eccosys.com wrote:
> marcs> Ah ok -- I see what you mean. I suppose another way you could kind of
> marcs> prevent this is to use tcp_wrappers thereby being sure that only the
> marcs> hosts you want can get into the box.
>
> 'being sure' is a bit strong don't you think? if someone has spoofed the
> ip address it doesn't help you at all.

You want to do a blind-spoof on a cryptographic key-exchange?
Good luck.

bye,
  Harold

--
Someone should do a study to find out how many human life spans have
been lost waiting for NT to reboot.
      Ken Deboy on Dec 24 1999 in comp.unix.bsd.freebsd.misc

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message