Having an open system inside your network is generally plain stupid.
Would you feel safe in an environment which could always turn out to be working more against you than you might have expected (which it would as soon as any experienced people were to enter your very kingdom)?
Hell, there's so many things one could do. Random DoS inside that network could actually slightly slow your net down. And if they only broadcast enough stuff, at least the segment that machine is in would suffer from it.
Sniffing? Now what's that! That guy is behaving no good, he actually abuses the resources we just gave away freely. ICMP Redirects? ARP Spoofing? Anything.
The funny thing is that any control and log mechanisms would be the ones to be replaced first.
What do you wanna do? Build a perfectly emulated environment? Chroot and the like can easily be circumvented, but why not do an environment where all the socketcalls even are just fake? Would certainly rule, but I'd like to see that one first.
which obviously nobody could get to run, as it was not statically linked and overall sucked like hell. Calling something which won't even do nothing as bad as this piece of software a client is.. well, an overstatement.