On Mon, 8 Dec 2003 23:14, "Julian Mehnle" <[EMAIL PROTECTED]> wrote:
> > One problem with this is developers' machines that are on dial-up
> > Internet connections. In the case of such machines you can verify the
> > host key but not the IP address.
>
> You cannot verify the IP address *exactly*, but you can verify whether the
> IP address lies within a range. Dial-up users could at least register a
> certain address range, so as to vastly mitigate the attack risk. Apart
> from that, as soon as the use of IPv6 broadens, dynamically assigned IP
> addresses will diminish.

That will work in some situations, but not in all. If a DD is visiting the
Netherlands they may use a zonnet.nl dial-in (Zon is one of the biggest Dutch
ISPs and a likely choice). Zon had over 10,000 phone lines in Amsterdam last
time I checked (not sure if it has increased or decreased since then).
Amsterdam also has many skillful hackers (most ethical, but I'm sure there are
some "black hats" too). So in this situation (which is not very hypothetical
given the number of DDs who visited me when I lived in Amsterdam) the DD
would get random IP addresses from the same pool as the attacker.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page