> Pekka Savola wrote: > Then you have to first compromise the system concerned, going > through all the other protections. > Before you hack the box to circumvent the hosts.allow you still have > to ... well, hack the box! An interesting chicken and egg problem, no?
Never heard of a joe-job from the inside? You might have a 30-second window at the host console while nobody is looking, enough to vi the hosts.allow file, not enough to reconfigure the system. I have seen a case of someone that got hired as a janitor and that spent weeks typing a file one line per day. Hacking a network is 50% social engineering and penetrating the physical defenses, 45% luck, 5% technical; most of the time the moles you get in the inside are not top-notch engineers. > In the same vein, one could say that using local addresses gives > no protection because you could just (as root) add a global address > on the box. Does not do any good if you don't reconfigure the router. Michel. -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
