Bob.Webber@aramis.RUTGERS.EDU (06/30/88)
In article <171@lakart.UUCP>, dg@lakart.UUCP (David Goodenough) writes: > I think the results of the sendsys at lakart tend to suggest that Mr. > Webber was not responsible. ... > Now if only the sendsys requests were still around, I could look at > them and start figuring where they did come from. Yes, it is now clear that it was not me who sent out the message. I am told that the messages were actually fed in at the rutgers gateway itself via the joys of Eric Fair's nntp. The 11 megabytes of email this generated for non-rutgers sites (roughly 4 megabytes of sendsys turned into 7 megabytes of sendsys plus address update message -- said 7 megabytes being sent back to the original send plus an additional 7 megabytes internally forwarded from rutgers to me on the aramis/athos/porthos complex) plus whatever messages got lost in the ether were apparently a ``prank.'' Boys will be boys and all that. Apparently the backbone takes care of its own. ---- BOB (webber@athos.rutgers.edu ; rutgers!athos.rutgers.edu!webber)
david@ms.uky.edu (David Herron -- One of the vertebrae) (06/30/88)
In article <Jun.30.03.45.06.1988.23248@aramis.rutgers.edu> Bob.Webber@aramis.RUTGERS.EDU writes: >Yes, it is now clear that it was not me who sent out the message. I >am told that the messages were actually fed in at the rutgers gateway >itself via the joys of Eric Fair's nntp. er.. NNTP isn't *just* Erik's ... it's a group project of those California guys. It would have been just as trivial to generate those sendsys messages without NNTP -- MORE trivial even, because wouldn't have to learn the NNTP protocol. Something like "uux - rutgers!rnews" would work for one of the many neighbors of rutgers. Something like "inews -h" would have worked for someone ON rutgers. So what's the point? Why imply that NNTP is evil because it allows such things? >Apparently the backbone takes care of its own. Would you care to explain this? It's probably true to some extent -- in every social grouping there is a certain amount of "us" versus "them" that results in people within the group "taking care of their own". But what does that have to do with this case? The messages could have been made by ANYBODY on the internet -- well, that depends on the Mel's configuration file -- who knows enough about the protocols to make the posting. That lets me out anyway cause I don't know NNTP, we just use it 24 hrs per day is all. :-) -- <---- David Herron -- The E-Mail guy <david@ms.uky.edu> <---- ska: David le casse\*' {rutgers,uunet}!ukma!david, david@UKMA.BITNET <---- <---- I'm not bad, I'm just coded that way!
webber@porthos.rutgers.edu (Bob Webber) (07/02/88)
In article <9811@g.ms.uky.edu>, david@ms.uky.edu (David Herron -- One of the vertebrae) writes: > In article <Jun.30.03.45.06.1988.23248@aramis.rutgers.edu> Bob.Webber@aramis.RUTGERS.EDU writes: < <Yes, it is now clear that it was not me who sent out the message. I < <am told that the messages were actually fed in at the rutgers gateway < <itself via the joys of Eric Fair's nntp. < < It would have been just as trivial to generate those sendsys messages < without NNTP -- MORE trivial even, because wouldn't have to learn < the NNTP protocol. ... < would have worked for someone ON rutgers. So what's the point? Why < imply that NNTP is evil because it allows such things? At a networked site like rutgers, berkeley, etc., it is alot easier to hack something like nntp than it is to get modem access. Such sites are also more likely to have people interested in fiddling with the system a little bit. Anyway, there was no BIG point here, I was just mentioning that nntp was apparently how rutgers was hacked this time -- the sysadmin for rutgers told me this, it is not idle speculation as to how it was done. NNTP has had a number of very bad effects on the net, but its security is the most minor of them. < <Apparently the backbone takes care of its own. < < Would you care to explain this? <... < with this case? The messages could have been made by ANYBODY on the < internet -- well, that depends on the Mel's configuration file -- who < knows enough about the protocols to make the posting. While it could have been made by ANYBODY, it was actually done by specific people. That person is known to the sysadmin of rutgers -- as well as a number of others. These people are participating in the act after the fact by shielding the person responsible from the public response they deserve. ANY QUESTIONS? -- BOB (webber@athos.rutgers.edu ; rutgers!athos.rutgers.edu!webber)