[2608] in Kerberos
Re: Re: Kerberos 5 & login (fwd)
daemon@ATHENA.MIT.EDU (Ganesan)
Fri Feb 26 16:19:52 1993
From: bf4grjc@socrates.MIT.EDU (Ganesan)
To: kerberos@Athena.MIT.EDU
Date: Fri, 26 Feb 1993 15:59:59 -0500 (EST)
Reply-To: bf4grjc@bell-atl.com
Forwarded message:
From bf4grjc Fri Feb 26 15:59:03 1993
Subject: Re: Re: Kerberos 5 & login
To: dean@ksr.com (Dean Anderson)
Date: Fri, 26 Feb 1993 15:59:03 -0500 (EST)
In-Reply-To: <9302261937.AA05486@maryann.ksr.com> from "Dean Anderson" at Feb 26, 93 02:37:15 pm
Reply-to:bf4grjc@bell-atl.com
X-Mailer: ELM [version 2.4 PL13]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1940
>
> One possibility in the area of Xterms is to use a 10baseT etherswitch.
>
> The packets from one line go to the destination line and nowhere else
> (hence it is faster). Ethernet broadcasting does not really happen
> any more (unless a packet is sent to the broadcast address), so if the
> cpu server running the xdm is also connected directly to the ether
> switch, your packets are as secure as the physical lines from the
> xterm to the cpu server. Of course, if the physical lines are tapped,
> or your xdm server is on a real broadcast ethernet, the packets are
> still cleartext.
>
Dean Anderson is probably correct in the above, but I was under the (probably
mistaken) notion that 10base T, while directly running each loop to the
concentrator, still does broadcast (i.e. conceptually you are broadcasting
over a star as opposed to broadcasting over a bus), as the basic ETHERNET
protocol does not have any packet forwarding, and that each Ethernet card
needs to listen in to traffic and pick up what it sees addressed to
itself, do collision detection, etc.
I don't think actual physical tapping should be a major problem; it's not
in our environment. (If a hacker has access to do this, he can probably do a
lot worse!). My main concern is with a hacker who has remotely broken into
machine X, is running a protocol analyser, picking up xterm traffic and.....
Wish X-Terminals would get disk fast.
Ravi
--
*******************************************************************************
Ravi Ganesan e-mail: ravi@socrates.bell-atl.com
IS SAS Corporate Network Planning v-mail: (301) 595-8439
Bell Atlantic Fax: (301) 595-1341
Note: If your e-mail reply to me bounces, try sending it explicitly to
ravi@socrates.bell-atl.com instead of using the 'reply' feature.
******************************************************************************