On Wed, 2 Jan 2002, Clifton Royston wrote:

> One of the dangers of relying on INADDR, besides it becoming a nearly
> useless check with the Internet in its present state, is that if it
> *replaces* the raw IP address in logging, it allows an actual malicious
> attacker to trivially conceal their point of attack. I'm surprised how
> many applications not only expect INADDR to be there but blindly rely
> on it if it is.

Example: sendmail. Only fixed 4 years after I filed this behaviour as a security issue.

Similar statements can apply to the use of ident protocols. They are only of use to the admin of the originating machine to determine if a particular user has been naughty or if the machine is hacked. Anyone relying on ident data on the receiving end is merely lucky if they haven't been burnt by it yet.

AB
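
The logging rule implied by this exchange, as an added example that is not part of the original thread: always record the raw peer address, and attach the reverse-DNS name only as a sanitized annotation marked by whether a forward lookup confirms it. The function names, log format and sample zone data are assumptions made for the illustration.

```python
import re
import socket

def ptr_lookup(ip):
    """Reverse (PTR) lookup; the answer is controlled by whoever runs the reverse zone."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def forward_lookup(name):
    """Forward lookup of a name to the set of addresses it resolves to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except (OSError, UnicodeError):
        return set()

def safe_name(name):
    """PTR data is remote input: keep hostname characters only, cap the length."""
    return re.sub(r"[^A-Za-z0-9.-]", "?", name)[:253]

def peer_label(ip, ptr=ptr_lookup, fwd=forward_lookup):
    """Log field for a peer: raw IP first, PTR name only as an annotation."""
    name = ptr(ip)
    if not name:
        return f"[{ip}] ptr=none"
    status = "forward-confirmed" if ip in fwd(name) else "UNVERIFIED"
    return f"[{ip}] ptr={safe_name(name)} ({status})"

# Constructed sample data (documentation address ranges, example domains).
SAMPLE_PTR = {
    "192.0.2.10": "mail.example.org",
    "198.51.100.7": "trusted.example.com",  # reverse zone claims someone else's name
}
SAMPLE_FWD = {
    "mail.example.org": {"192.0.2.10"},
    "trusted.example.com": {"203.0.113.5"},
}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.9"):
        print(peer_label(ip, SAMPLE_PTR.get, lambda n: SAMPLE_FWD.get(n, set())))
```

Because the raw address is always the first field, a misleading PTR record can change only the annotation, never the recorded origin.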
