Re: Static IP addresses for Dial-up

Robert Elz <kre@munnari.oz.au> Tue, 30 January 1996 13:29 UTC

Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa09695; 30 Jan 96 8:29 EST
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa09685; 30 Jan 96 8:29 EST
Received: from nico.aarnet.edu.au by CNRI.Reston.VA.US id aa06448; 30 Jan 96 8:29 EST
Received: from mulga.cs.mu.OZ.AU (mulga.cs.mu.OZ.AU [128.250.1.22]) by nico.aarnet.edu.au (8.6.10/8.6.10) with SMTP id TAA06651 for <cidrd@iepg.org>; Tue, 30 Jan 1996 19:50:48 +1100
Received: from muri.cs.mu.OZ.AU by mulga.cs.mu.OZ.AU with SMTP (5.83--+1.3.1+0.50); id AA09318 Tue, 30 Jan 1996 19:50:35 +1100 (from kre@munnari.OZ.AU)
To: Paul Ferguson <pferguso@cisco.com>
Cc: Brian Carpenter CERN-CN <brian@dxcoms.cern.ch>, peter@unipalm.pipex.com, nanog@merit.edu, cidrd@iepg.org, iab@isi.edu
Subject: Re: Static IP addresses for Dial-up
In-Reply-To: Your message of "Mon, 29 Jan 1996 12:48:00 CDT." <199601291747.JAA15611@lint.cisco.com>
Date: Tue, 30 Jan 1996 19:50:51 +1100
Message-Id: <9961.822991851@munnari.OZ.AU>
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Robert Elz <kre@munnari.oz.au>

    Date:        Mon, 29 Jan 1996 12:48:00 -0500
    From:        Paul Ferguson <pferguso@cisco.com>
    Message-ID:  <199601291747.JAA15611@lint.cisco.com>

You clearly didn't read the message I sent that you replied to...

    Well, not exactly. I was thinking along the lines of something a little
    larger than 'home' access.  :-)

The issue I mentioned was my brother, with a static IP address
from Demon for his one system at home, which connects via
dial up, connecting to my one system at home, which is also
dial up (right now), though basically a permanent connection.

    My point was that filtering on source addresses is not exactly the
    most secure method of access control.

Again, you didn't read my message - I know that source address
filtering is even less secure than other filtering.   However
the source address in one packet is the destination address in
another - and I can filter on that destination address...

I also know that there are attacks that can be made without
requiring return packets at all - those I have to deal with
in other ways (smart card password schemes most certainly
aren't it) regardless of what kind of address (statically
assigned, or dynamically assigned) my brother gets.

kre