Undermining Unix
r-commands via IP Address Spoofing
¨When one Unix system trusts another, a user can log into the trusted machine and then access the trusting machine without supplying a password by using rlogin, rsh, and rcp
¨hosts.equiv or
.rhosts files used to implement trusts
¨IP address of trusted system used as weak form of authentication
¨Attacker spoofing IP address of trusted system can connect to trusting system without providing password
¨“Rbone” tool