On Wed, 21 Sep 2011 01:38:28 +0200, ropers wrote:

<snip part that isn't relevant to this message>

>1. Legit user authenticates with authpf.
>2. After authentication, PF (if thusly configured) just allows that IP
>full access to various and sundry services it otherwise blocks.
>3. While the legit user remains authenticated, an intruder who manages
>to spoof the legit user's IP would be able to likewise send traffic
>through.
>
It need not be spoofed.
If you use authpf whilst you are on a LAN that is NATted (very common)
everyone on that LAN will be able to access your remote host.

So that means that sniffing your traffic would reveal the remote IP and
away the sniffer goes port scanning your "secure" box.

>That doesn't mean the intruder would be able to authenticate
>themselves, they'd just ride the legit user's coattails.

We refer to it as tailgating. It was being used, in a limited form,
before authpf was invented. People used to use POP before SMTP to allow
outgoing mail to be sent without a secure login for sending. That
allows others at the same IP to spam madly.
>
>Well, unless I'm completely confused too.
>
No, you're fine.


*** NOTE *** Please DO NOT CC me. I <am> subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thank you.

Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.
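
The following authpf rules fragment is an added example, not part of the original message or of anyone's actual configuration in this thread. It puts the "full access" rule described above beside a narrower one; the interface name and the port list are assumptions chosen for illustration.

```pf
# /etc/authpf/authpf.rules  (loaded into the user's anchor at authpf login)
# authpf supplies $user_ip (source address of the SSH session) and $user_id.
# Interface name and port list below are assumptions for illustration.
ext_if = "em0"

# Weak: everything from the authenticated address is passed. Behind a NAT,
# $user_ip is the NAT's public address, so every host on that LAN matches.
# pass in quick on $ext_if from $user_ip to any

# Narrower: open only services that authenticate and encrypt each session
# themselves, so matching the source address alone is not enough to use them.
pass in quick on $ext_if proto tcp from $user_ip to any \
    port { ssh, https, imaps, submission }
```

The narrower rule does not stop other hosts behind the same NAT from matching $user_ip; it limits what they can reach to services that still demand their own credentials.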
