Date: Mon, 2 Nov 1998 14:03:45 +0100 (CET)
From: Mikael Karpberg <karpen@ocean.campus.luth.se>
To: jas@flyingfox.com (Jim Shankland)
Cc: dima@best.net, freebsd-security@FreeBSD.ORG
Subject: Re: SSH vsprintf patch. (You've been warned Mr. Glass)
Message-ID: <199811021303.OAA24194@ocean.campus.luth.se>
In-Reply-To: <199811020832.AAA15786@biggusdiskus.flyingfox.com> from Jim Shankland at "Nov 2, 98 00:32:12 am"

According to Jim Shankland:
> dima@best.net (Dima Ruban) writes:
>
> > Let me ask you this. Would you trust a packet that came from
> > non-privileged port and which wants to do something that even
> > remotely should be secure?
>
> No. Same as for a packet that came from a privileged port.
>
> A packet's source port is a pretty weak authenticator, to coin
> an understatement.

Why? I'd say it's a pretty safe way of authentication. Especially as a first
check, before you move on to stronger checks. I'd say you can't spoof it,
since the trusted machines on your net (and you check that it's a trusted
machine first, you know) will not let any user grab such ports, and you
(OF COURSE!!!) have a firewall or router between your net and the internet
that will reject any incoming packets with source addresses from the
inside net. It's all in the environment.

  /Mikael

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message