From owner-freebsd-questions Mon Jul 7 08:23:11 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id IAA18627 for questions-outgoing; Mon, 7 Jul 1997 08:23:11 -0700 (PDT) Received: from eh.est.is (root@eh.est.is [194.144.208.34]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA18619 for ; Mon, 7 Jul 1997 08:23:05 -0700 (PDT) Received: from didda.est.is by eh.est.is (8.8.5/EST.is/26.01.1996); Mon, 7 Jul 1997 15:13:39 GMT Message-ID: <33C107F3.41C67EA6@est.is> Date: Mon, 07 Jul 1997 15:14:59 +0000 From: Thordur Ivarsson X-Mailer: Mozilla 3.01 (X11; I; FreeBSD 2.2.2-RELEASE i386) MIME-Version: 1.0 To: Brian Somers CC: Sergey Pukach , freebsd-questions@FreeBSD.ORG, kvn@gloom.te.net.ua, vlad@nobulus.tn.odessa.ua Subject: Re: Security hole ? References: <199707012156.WAA26635@awfulhak.demon.co.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-questions@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Brian Somers wrote: > > > Hi. > > > > I have two ISP, one of which running FreeBSD and assign static IP > > to all users. For connection I'm using ppp by Toshiharu OHNO. > > Playing wiht /etc/ppp/ppp.conf I'm found amazing (for me) feature. > > This is string from ppp.conf: > > > > add ifaddr a.b.c.d 0 > > > > So, remote server can use any IP and my IP should be a.b.c.d > > If instesd of a.b.c.d I substitute real IP of one of my ISP server > > I can declare myself as another machine. During such connection > > I have received a lot of mail which is not intended to be mine. > > I think skilful hacker can use this in another way. So, how > > ISP can avoid such unproper connections? > > Your ISP should specify > > set ifaddr x.x.x.x a.b.c.d > > thus disallowing you from being anything but a.b.c.d. > > > pss > > > > // Sergey Pukach > > // pss@te.net.ua > > -- > Brian , > > Don't _EVER_ lose your sense of humour.... This happends because of wrong setup of Eudora or some other Mail client software that asks the IP stack for ip number when installed and users don't bother to correct. The ip number of the PPP server is then given in mail from that client and the ISP is relaying the message to the specific IP address, that is bound to you when you call the ISP. I often get mail to other people because of this. Thordur Ivarsson