HENRYM@SACMGR.UUCP (02/15/90)
[ I posted this previously on the CMU-TEK-TCP mailing list. ] We are in the process of connecting our numerous Novell networks into our building-wide backbone. We will be using NCSA Telnet on the various PC's to connect to our VAX systems so that the users can use the PC's as terminals. However, we see a problem with letting the individual users grab their boot disks from another user, in that the config file for that particular PC has their Internet number hardwired into it. For security reasons, we want to enfore the rule that each PC has a unique, assigned Internet number. Therefore, it occurs to us that the RARP option that NCSA Telnet can support would be an ideal solution. Is there an implementation of RARP that will run with CMU-TEK TCP? This is a "needs to be done yesterday" priority. Thanks in advance. -HWM ---------- Henry W. Miller Assistant Systems Manager, Mid Pacific Region U.S. Bureau of Reclamation 2800 Cottage Way MP1100 Sacramento, CA 95825 (916) 978-5108 / FTS 460-5108 Inet: "sanj!sacwms!henrym@caldwr.water.ca.gov" (Vaxcluster) "sanj!sacusr!henrym@caldwr.water.ca.gov" "sanj!sacmgr!henrym@caldwr.water.ca.gov" BITNET: "hmiller@scu" !Warning: This is NOT the same machine as the above cluster. UUCP: "...caldwr!sanj!henrym" "Bad guys abuse public land, good guys save it."
ssw@cica.cica.indiana.edu (Steve Wallace) (02/16/90)
HENRYM@SACMGR.UUCP writes: > We are in the process of connecting our numerous Novell networks >into our building-wide backbone. We will be using NCSA Telnet on the >various PC's to connect to our VAX systems so that the users can use >the PC's as terminals. However, we see a problem with letting the >individual users grab their boot disks from another user, in that the >config file for that particular PC has their Internet number hardwired >into it. For security reasons, we want to enfore the rule that each >PC has a unique, assigned Internet number. Therefore, it occurs to us >that the RARP option that NCSA Telnet can support would be an ideal >solution. >-HWM There is a simple hack that will allow IP address to be assigned dynamically my the Novell server. In the system login script include the following line: set myip = "%station" Create a batch file something like this echo myip = 129.79.16.%myip% > config.tmp copy config.tmp + base.tel config.tel telbin %1 %2 %3 Make base.tel your standard config.tel file minus the "myip" line. This will work for some environments. The %station will be a unique number between 1 and 100 for each workstation attached to that server. Steven Wallace ssw@lavanix.bacs.indiana.edu
HENRYM@SACMGR.UUCP (02/21/90)
I'd like to thank those who responded to me concerning the use of RARP for our local PC network. However, I don't think I made my intention really clear. The use of a hardwired number or even a generated number in CONFIG.TEL or any other file that the user can modify or even know about is unacceptable. We must have a method, i.e., RARP of associating the IP number with the ENET address of the PC in question, otherwise our internal security and auditing procedures fall apart. That is why we need RARP, or something similar. -HWM ---------- Henry W. Miller Assistant Systems Manager, Mid Pacific Region U.S. Bureau of Reclamation 2800 Cottage Way MP1100 Sacramento, CA 95825 (916) 978-5108 / FTS 460-5108 Inet: "sanj!sacwms!henrym@caldwr.water.ca.gov" (Vaxcluster) "sanj!sacusr!henrym@caldwr.water.ca.gov" "sanj!sacmgr!henrym@caldwr.water.ca.gov" BITNET: "hmiller@scu" !Warning: This is NOT the same machine as the above cluster. UUCP: "...caldwr!sanj!henrym" "Bad guys abuse public land, good guys save it."
jbvb@VAX.FTP.COM (James Van Bokkelen) (02/22/90)
I strongly suggest that you reconsider creating a situation where "...our internal security and auditing procedures..." depend on management control of IP addresses used by PCs. All of the freeware and commercial TCP/IP packages allow the users to set the IP address as they please. If you leave it out of your in-house documentation and don't distribute the complete package you're just laying yourself open to someone who figures out how to use FTP. Even if you hack the source, you still have a lot of people who know how to use DEBUG.COM... .rhosts files and /etc/hosts.equiv are *dangerous* to depend on for security. James B. VanBokkelen 26 Princess St., Wakefield, MA 01880 FTP Software Inc. voice: (617) 246-0900 fax: (617) 246-0901