From owner-freebsd-current  Sun Sep 21 08:51:49 1997
Return-Path: <owner-freebsd-current>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id IAA04884
          for current-outgoing; Sun, 21 Sep 1997 08:51:49 -0700 (PDT)
Received: from ox.ismi.net (root@ox.ismi.net [206.31.56.6])
          by hub.freebsd.org (8.8.7/8.8.7) with SMTP id IAA04876
          for <current@FreeBSD.ORG>; Sun, 21 Sep 1997 08:51:43 -0700 (PDT)
Received: from rhiannon.dyn.ml.org (mrr@pm2-11.ismi.net [206.31.56.51]) by ox.ismi.net (8.6.9/8.6.9) with SMTP id LAA28059; Sun, 21 Sep 1997 11:49:09 -0400
Date: Sun, 21 Sep 1997 11:54:13 -0400 (EDT)
From: "Michael R. Rudel" <mrr@rhiannon.dyn.ml.org>
To: dmaddox@scsn.net
cc: "Jordan K. Hubbard" <jkh@time.cdrom.com>, current@FreeBSD.ORG
Subject: Re: Problems with -current ppp
In-Reply-To: <19970921110054.48267@scsn.net>
Message-ID: <Pine.BSF.3.96.970921115254.5786A-100000@rhiannon.dyn.ml.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Sun, 21 Sep 1997, Donald J. Maddox wrote:
[... SNIP ...]
> > > 
> > > Well, this is a one-user box, so that's not really a concern.  In any case,
> > > Brian informed me in private mail of a neat little trick to accomplish what
> > > I wanted.
> > 
> > Tell me your IP address and the hours when you're generally on and
> > surfing.  I'll show you how "one user" that box is. ;-)
> > 
> > 					Jordan
> 
> Ok.  My IP addres is dynamically assigned by my ISP (scsn.net), so the most
> I can tell you is that it will be ppp???.coladlp?.scsn.net.  I usually only
> use the PPP connection long enough to get my email, then kill it.  Most
> incoming connections are denied by tcp wrappers.  Good luck :-)
> 
> Seriously, I understand the need for security in ppp, and I would rather have
> it secureable even if it means a little inconvenience (like having to type a
> password).  However, since the window of insecurity is so small in this case,
> if I can trade security for convenience, I will.
> 
> This is not an appeal to have ppp's security enhancements reverted.  Clearly,
> making ppp more secure is a Good Thing.
> 

TCP_WRAPPERS are very spoofable. I suggest using IPFW, even though it
becomes a large pain to use FTP and such, if your worried about security.



--
Michael R. Rudel -=- FreeBSD: There are no limits -=- mrr@aerosmith.dyn.ml.org
FreeBSD aerosmith.dyn.ml.org 3.0-CURRENT
		Rhiannon rings like a star through the night ...	
  		    and you wouldn't you love to love her?
		  Takes to the sky like a bird in flight ...
	 	        and who will be her lover?
			- Rhiannon (Fleetwood Mac)