Dear colleagues, We received a suggestion that a short section outlining the history of the use of reverse mapping in security contexts would be a good thing to add to the reverse-mapping-considerations draft. I have some proposed text to add. Before I add it, I'd like to ask for comments. I am hoping that this text will be relatively uncontroversial, but if it proves to be more contentious than the document has been already, I'll cheerfully leave it out.
2.1 Historical origins of reverse mapping use in security

The growth of the Internet in the late 1980s and early 1990s brought with it attackers who acquired access to machines without authorization. Many systems attached to the Internet up to that time were poorly prepared for such attacks, and administrators were forced to react using available resources rather than to redesign the network to meet the new security challenges.

The popular TCP Wrapper package was originally conceived to discover the network location of an attacker [Venema1992]. It used the reverse mapping of a connecting host to provide the hostname of that host in its output.

During the same period, the so-called "UNIX r* commands", like rlogin [RFC1282] and [RFC1258], were widely used, in spite of warnings that they were prone to abuse [Reid1987]. The r* commands allowed users to employ a list of trusted hosts, from which connections would be accepted and authenticated without password (sometimes called the "rhosts authentication" mechanism). The mechanism remained in widespread use (in spite of known flaws) because of its convenience.

Since the list of trusted hosts was a simple list of hostnames or addresses, an attacker could acquire access by intercepting the DNS query for a hostname, and replying with the IP address from which the attacker was making the rhosts authentication attempt. (This was not the only weakness in the mechanism, but it is the most relevant to reverse mapping.)

In an effort to strengthen the rhosts authentication mechanism, the TCP Wrapper package soon offered the ability to perform reverse mapping matching checks. If the reverse and forward mappings did not match, the wrapper program would terminate the connection before checking any of its other permissions.
This mechanism could be used for all connections, on the grounds that forward and reverse mismatches were an indication either that an attack was in progress, or else that the network was badly managed and therefore a likely origin for attack.

Best regards,

Andrew

--
Andrew Sullivan
Afilias Canada, Toronto, Ontario
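The forward-confirmed reverse mapping check that the proposed text attributes to TCP Wrapper, written out as an added example (this is not code from the draft or from the TCP Wrapper package). The resolver functions are injected so the check runs offline against a constructed zone table; the `system_*` helpers show the same logic against the OS resolver.

```python
import socket

# Constructed sample data standing in for the DNS: a reverse zone
# (address -> PTR target) and a forward zone (name -> A records).
SAMPLE_PTR = {
    "192.0.2.10": "trusted.example.org",   # forward and reverse agree
    "192.0.2.11": "trusted.example.org",   # PTR names a host that does not own this address
    "192.0.2.12": None,                    # no reverse mapping at all
}
SAMPLE_A = {
    "trusted.example.org": ["192.0.2.10", "198.51.100.7"],
}


def sample_reverse(addr):
    """Constructed PTR lookup; None when no reverse mapping exists."""
    return SAMPLE_PTR.get(addr)


def sample_forward(name):
    """Constructed A lookup; empty list when the name does not resolve."""
    return SAMPLE_A.get(name, [])


def confirmed_hostname(addr, reverse=sample_reverse, forward=sample_forward):
    """Return the PTR name for addr only if the forward mapping of that
    name contains addr again; otherwise None. A wrapper in the TCP
    Wrapper style terminates the connection on None before consulting
    any host-based rule, so a spoofed or missing mapping never reaches
    the trusted-host comparison."""
    name = reverse(addr)
    if not name:
        return None            # unmapped address: nothing to trust
    if addr not in forward(name):
        return None            # mismatch: attack or badly managed network
    return name


def allow_connection(addr, trusted_hosts, reverse=sample_reverse, forward=sample_forward):
    """rhosts-style decision that uses the hostname only after confirmation."""
    name = confirmed_hostname(addr, reverse, forward)
    return name is not None and name in trusted_hosts


def system_reverse(addr):
    """Live PTR lookup through the OS resolver (not exercised offline)."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None


def system_forward(name):
    """Live A lookup through the OS resolver (not exercised offline)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.herror, socket.gaierror):
        return []
```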