Date: Mon, 07 Jul 1997 15:14:59 +0000 From: Thordur Ivarsson <thivars@est.is> To: Brian Somers <brian@awfulhak.org> Cc: Sergey Pukach <pss@gloom.te.net.ua>, freebsd-questions@FreeBSD.ORG, kvn@gloom.te.net.ua, vlad@nobulus.tn.odessa.ua Subject: Re: Security hole ? Message-ID: <33C107F3.41C67EA6@est.is> References: <199707012156.WAA26635@awfulhak.demon.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Brian Somers wrote: > > > Hi. > > > > I have two ISP, one of which running FreeBSD and assign static IP > > to all users. For connection I'm using ppp by Toshiharu OHNO. > > Playing wiht /etc/ppp/ppp.conf I'm found amazing (for me) feature. > > This is string from ppp.conf: > > > > add ifaddr a.b.c.d 0 > > > > So, remote server can use any IP and my IP should be a.b.c.d > > If instesd of a.b.c.d I substitute real IP of one of my ISP server > > I can declare myself as another machine. During such connection > > I have received a lot of mail which is not intended to be mine. > > I think skilful hacker can use this in another way. So, how > > ISP can avoid such unproper connections? > > Your ISP should specify > > set ifaddr x.x.x.x a.b.c.d > > thus disallowing you from being anything but a.b.c.d. > > > pss > > > > // Sergey Pukach > > // pss@te.net.ua > > -- > Brian <brian@awfulhak.org>, <brian@freebsd.org> > <http://www.awfulhak.org>; > Don't _EVER_ lose your sense of humour.... This happends because of wrong setup of Eudora or some other Mail client software that asks the IP stack for ip number when installed and users don't bother to correct. The ip number of the PPP server is then given in mail from that client and the ISP is relaying the message to the specific IP address, that is bound to you when you call the ISP. I often get mail to other people because of this. Thordur Ivarsson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?33C107F3.41C67EA6>