l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2005 Mar 18 14:33

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] xhost+: Why you should NEVER DO THAT
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] xhost+: Why you should NEVER DO THAT

Quoting Peter Jay Salzman (p@dirac.org):

> However, it should be pointed out that once someone gets access to your LAN,
> even ssh, sshd and gnupg are all suspects.

I can actually speak to this from having lived that situation.  Maybe
you never visited the CoffeeNet in its heyday.  (Web mirror:
http://linxumafia.com/coffeenet/)  It was a 100% Linux-based Internet
cafe in a small two-story building in South of Market, San Francisco.  I
helped the owner, Richard Couture, build it.  He and I lived in the two 
apartments, upstairs -- plus there was a sort of "community room" at the
bottom of the stairs, behind the cafe.

The entire building was on real public IP space, using hubs rather than
switches (a consequence of the years in question), which all was
connected to the Internet over a T1 line.   The hubs included ports
accessible to the public _inside_ the cafe, where people could plug in

_So_, I lived with the knowledge that my home LAN was utterly public.
Therefore, I could not and did not trust the LAN.

My point is that this was _not a problem_:  Anything that I cared about
not being sniffable got encrypted, and I took care of my own nameservers
(taking measures to protect them against cache poisoning).  While I was
at it, I figured:  Why not also adopt a model that none of the machines
trusts each other, either?  This, likewise, proved pretty easy once I
got well into the mindset.  I still use that model, today:  Each of my
machines has a "security perimeter" at the edge of its case, and I place
no reliance whatsoever on "firewalls" for primary protection.  (If
memory serves, even at my interior NAT host, the only rulesets I used
were ones to reject spoofed packets and certain sorts of broadcasts.)

My experience suggests that you're not correct that ssh, sshd, and gnupg
all automatically become suspects, in cases like that.  To the contrary,
they become primary tools.  The only complication is that you have to be
really careful about key management, in order to foil imposters and MitM
attacks.  But you should do that, _anyway_.

vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!