Re: Remailer in a box
E. ALLEN SMITH writes:
> I see your difficulty. It is an additional one with respect to
> anonymous accounts. Hmm... you could put the burden on other ISPs by only
> having anonymous accounts via telnet access - and not accepting such from
> k12.edu domains. Bit of a limit, though.
1) New .edu registrations are restricted to colleges, but you have
rogues like sidwell.edu (Chelsea's Quaker school), plus the odd
17-year-old attending college like I did.
2) .k12.STATE.us is safe enough to restrict, except that some people
are staff members who will be unhappy. Of course, those people can
just change their DNS so it responds to a PTR request with
a.root-servers.net. So naturally you don't let the students manage
your servers (although frankly, the staff members have little time
or knowledge to do it themselves; most would be happy to find a
trustworthy student). Even so, said smart student will discover
that it's possible to spoof the DNS by spamming a client with
responses. That's particularly easy since the source of the packet
will likely be the same subnet as the smart student's.
You can't use the DNS for authentication of any type, particularly if
a Damoclean CDA is hanging over your head.
-russ <[email protected]> http://www.crynwr.com/~nelson
Crynwr Software | Crynwr Software sells packet driver support | PGP ok
11 Grant St. | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676 | +1 315 268 9201 FAX | the side of freedom.
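
The PTR rewrite described in the message above, checked against a domain-based refusal policy. This is an added example, not part of the original post: the lookup tables are constructed sample data standing in for real DNS queries, and the function names are hypothetical. The forward-confirmed variant still trusts unauthenticated DNS answers, so it catches the rewritten PTR but does nothing about spoofed responses.

```python
import re

# Constructed sample data, not real lookups. PTR answers are served by whoever
# runs the reverse zone for the client's address block (the client's side).
PTR = {
    "192.0.2.10": "lab3.example.k12.ny.us",   # school host, honest PTR
    "192.0.2.11": "a.root-servers.net",       # school host, PTR rewritten
    "198.51.100.7": "dialup7.isp.example",    # unrelated ISP customer
}
# Forward (A) answers are served by the owner of the name itself.
A = {
    "lab3.example.k12.ny.us": {"192.0.2.10"},
    "a.root-servers.net": {"198.41.0.4"},
    "dialup7.isp.example": {"198.51.100.7"},
}

# Matches names under k12.<two-letter state>.us, the restriction in the thread.
K12 = re.compile(r"(^|\.)k12\.[a-z]{2}\.us$")

def is_k12(name):
    return bool(K12.search(name.rstrip(".").lower()))

def ptr_only_policy(ip, ptr=PTR):
    """Refuse when the reverse name is in a K-12 domain; trusts the PTR as-is."""
    name = ptr.get(ip)
    return "refuse" if name and is_k12(name) else "allow"

def forward_confirmed_policy(ip, ptr=PTR, a=A):
    """Only use the PTR name if that name's A records map back to the same IP."""
    name = ptr.get(ip)
    if name is None or ip not in a.get(name, set()):
        return "unverified"   # claimed name is not backed by the name's owner
    return "refuse" if is_k12(name) else "allow"

if __name__ == "__main__":
    for ip in PTR:
        print(ip, PTR[ip], ptr_only_policy(ip), forward_confirmed_policy(ip))
```
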