[1728] in North American Network Operators' Group
Re: Static IP addresses for Dial-up
daemon@ATHENA.MIT.EDU (marthag@MIT.EDU)
Tue Jan 30 13:40:24 1996
From: marthag@MIT.EDU
Date: Tue, 30 Jan 96 13:32:02 -0500
To: Paul Ferguson <pferguso@cisco.com>
Cc: Robert Elz <kre@munnari.oz.au>,
"Brian Carpenter CERN-CN"
<brian@dxcoms.cern.ch>,
peter@unipalm.pipex.com, nanog@merit.edu, cidrd@iepg.org, iab@isi.edu
In-Reply-To: "[2323] in Classless InterDomain Routing"
> At 09:36 PM 1/29/96 +1100, Robert Elz wrote:
>
> >
> >That sounds like a perfect place for a dynamic address, however,
> >if he had that, it would make life harder for me. With his
> >static address I can instal filters to give him more access to
> >my system at home (which is basically permanently connected, and
> >not a PC) than I allow all the rest of you. (For Tony's
> >benefit - no, this is not relying on source address filtering,
> >I actually filter the packets that my system sends out, I will
> >let it send packets to him that I won't let it send elsewhere,
> >which has basically the same effect).
> >
>
> I can certainly understand the need for access control & security, but
> with the use of a smart-card one-time password system, this is a moot
> point.
>
> - paul
You are ignoring the risks of the session being stolen after the
password is given. Outbound filters will help this, strong end-to-end
encryption will prevent it.
Martha Greenberg
marthag@mit.edu
