OK  I'll  not mess about with good English here,  making  ypghost
user  friendly  and  documenting  it  is  becoming  a  bit  of  a
drag........ 

Firstly  let me explain that this is a pre-release version, i.e.
I  don't want too many copies of it floating about, as I plan  to
release  a  proper  version (which may or may  not  be  virtually
identical) very soon, as long as no nasty bugs or surprises  turn
up.   *Please* do not distribute this, as that obviously  defeats
the  object of having a pre-release version, in fact  don't  even
tell people you have this ;-) 

If you're unsure what ypghost is supposed to do, you should  read
the  paper  by D.Hess (the file name is probably  NIS_Paper.ps),
available  from  my  WWW page amongst other  places.   The  paper
explains  the  general principle and describes a  program  called
'ypfake'  which apparently does the same thing that  ypghost  now
does.   Note  that this 'ypfake' program is not  available  (Many
thanks  to  D. Hess for confirming this BTW),  and  since  it  is
described  as  using Sun's NIT, I suppose it would only  work  on
Suns anyway. 

Note  that ypghost only fakes UDP replies to YPPROC_MATCH  calls,
so  the false entries will not show up if you try looking at  the
maps with ypcat etc, although that's explained in NIS_Paper.ps.

I  have  so  far  tested ypghost  on  linux  using  the  loopback
interface  (which  seems  to be of 'ethernet'  type)  and  on  an
ethernet  network  of  Suns.   Linux  &  loopback  worked   fine,
although  for  some reason it seemed to work consistently  for  a
while,  then  not  work  consistently  for  a  while,  then  work
consistently   again,  presumably  if  you  tipped  the   balance
slightly by nice'ing ypserv or something, it probably would  work
consistently all the time.  

The test on the network of Suns is obviously a much better  test.
I  was  slightly surprised that with all the  machines  idle  the
real response consistently beat the spoofed response, this  could
be  for  a  variety of reasons, perhaps the  positioning  of  the
machines,  or maybe libpcap is slow on Suns.  Anyway,  bombarding
the  NIS  server  with a few NFS requests soon  popped  the  load
average up, and ypghost began to work fine.  
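
Added example (not part of ypghost or of the original text of this
file): the race described above means the genuine and the spoofed
reply normally both reach the client, so a monitor can flag two
accepted RPC replies that share an XID but carry different result
bytes.  The packet tuples, addresses and function names below are
constructed for illustration.

```python
import struct
from collections import defaultdict

REPLY, MSG_ACCEPTED, SUCCESS = 1, 0, 0  # ONC RPC constants (RFC 5531)

def parse_rpc_reply(payload):
    """Return (xid, result_bytes) for an accepted, successful RPC reply, else None."""
    if len(payload) < 24:
        return None
    xid, mtype, rstat, _flavor, vlen = struct.unpack(">IIIII", payload[:20])
    if mtype != REPLY or rstat != MSG_ACCEPTED:
        return None
    off = 20 + ((vlen + 3) & ~3)  # skip verifier body, XDR-padded to 4 bytes
    if len(payload) < off + 4:
        return None
    (astat,) = struct.unpack(">I", payload[off:off + 4])
    return (xid, payload[off + 4:]) if astat == SUCCESS else None

def find_conflicting_replies(packets):
    """packets: (server_ip, client_ip, client_port, udp_payload) tuples.
    Returns keys that received more than one distinct result for one XID."""
    seen = defaultdict(set)
    for server, client, cport, payload in packets:
        parsed = parse_rpc_reply(payload)
        if parsed:
            xid, result = parsed
            seen[(server, client, cport, xid)].add(result)
    return sorted(key for key, results in seen.items() if len(results) > 1)

def make_reply(xid, value):
    """Constructed test data: AUTH_NONE verifier, then status 1 and an opaque value."""
    pad = b"\0" * (-len(value) % 4)
    head = struct.pack(">IIIIII", xid, REPLY, MSG_ACCEPTED, 0, 0, SUCCESS)
    return head + struct.pack(">II", 1, len(value)) + value + pad

# Constructed sample traffic (documentation addresses, placeholder values).
SAMPLE = [
    ("192.0.2.10", "192.0.2.20", 1021, make_reply(0x1A2B, b"constructed-value-A")),
    ("192.0.2.10", "192.0.2.20", 1021, make_reply(0x1A2B, b"constructed-value-B")),
    # Identical retransmission: same XID, same bytes, so not flagged.
    ("192.0.2.10", "192.0.2.21", 1022, make_reply(0x0077, b"constructed-value-C")),
    ("192.0.2.10", "192.0.2.21", 1022, make_reply(0x0077, b"constructed-value-C")),
]

if __name__ == "__main__":
    for server, client, cport, xid in find_conflicting_replies(SAMPLE):
        print(f"conflicting replies from {server} to {client}:{cport} xid={xid:#x}")
```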

I now have BSD installed on my machine, although not an  ethernet
card.  I  should  manage to test it some way  though  before  the
proper  release,  and from what I've read I wouldn't  expect  any
problems. 

I  really  can't be bothered to explain the basic  principles  of
NIS  and UDP spoofing here.  Although I will say,  despite  group
wheel,  secure  consoles,  passwd  shadowing  and  efficient  NIS
servers,  it does actually work, for me anyway, so do  persevere,
if at first you don't succeed.... 
               (the limitations described in the man page aside.)

No it won't work if NIS+ is being used, NIS+ is not  something  I
know  much  about  yet  but I gather  its  use  is  still  fairly
limited, as not many machines can actually use it at the  moment,
although  if  you  have *nothing* but solaris  machines  on  your
network you're  using,  you may  be  disappointed  (or  pleasantly
surprised  if  you're a fascist sysadmin).  THAT IS  NOT  TO  SAY
THAT  NIS+ IS SECURE, please don't come to any  conclusions  like
that,  quite  frankly I can't think of  any  obvious  conclusions
that  can  be drawn from ypghost, other than common  sense  ones,
like  that  confidential data should never be  kept  on  Internet
connected computers. 

Oh yeah, if you're planning to do anything with the source at all,
*do*  let  me  know, I might be able to send  you  some  comments
even.   If you're used to normal RPC programming, I do  apologise
if  my  code  makes you feel physically sick,  or  if  you  can't
actually  believe  what you see.  In its defense  I'll  just  say
that,  even though I couldn't test it while I was writing it,  it
*did* work virtually the first time I tried it.   I  also  wanted
to make it portable, even to systems that may not have rpcgen. 

Apologies  for  retaining all copyright on ypghost,  if  somebody
actually  paid  me  for  doing  stuff  like  this  I  might  feel
differently,  but they don't, and I don't suppose using  my  time
to  do  stuff like this will get any credit with  the  Employment
Service, who expect me to spend all my time looking for  cleaning
jobs (or whatever else pays 50quid for a 72 hour week). 

Finally  having  spoofed packets on your network  could  possibly
confuse it, I take no responsibility for anything ypghost does. 

Please  let  me  know  of  any  bugs,  as  I  certainly   haven't
exhaustively  tested it (testing it *once* was  enough  hassle). 
Similarly  let  me  know if it's worked fine on such and  such  a
system.   In fact any comments would be welcome, although  please
put the word 'ypghost' in the subject line. 

Cheers,

Arny - cs6171@scitsc.wlv.ac.uk

http://www.scit.wlv.ac.uk/~cs6171/hack/index.html

