[news.admin] Sendsys fiasco

bill@carpet.WLK.COM (Bill Kennedy) (06/22/88)

I am irritated by something that happened today as I am sure other news
administrators were.  I hope that I have not added to the flood if there
is one.  I recall something similar about a portal user.  I got three
sendsys messages:

Path: ssbn!killer!osu-cis!tut.cis.ohio-state.edu!husc6!bbn!uwmcsd1!ig!agate!ucbvax!rutgers!webber
>From: webber@rutgers.edu (Net.Rarebit)
Newsgroups: news.admin.ctl
Subject: sendsys
Message-ID: <net.rarebit.3@rutgers.edu>
Date: 20 Jun 88 22:20:20 GMT
Control: sendsys
Organization: Pain in the Ass, Inc.
Lines: 0

The others are identical, I'll just show the Path: and Message-ID:'s added

Path: ssbn!killer!osu-cis!tut.cis.ohio-state.edu!bloom-beacon!husc6!uwvax! \
dogie!uwmcsd1!ig!agate!ucbvax!ucsd!sdcsvax!rutgers!webber
Message-ID: <net.rarebit.4@rutgers.edu>

Path: ssbn!killer!osu-cis!tut.cis.ohio-state.edu!bloom-beacon!husc6!bbn! \
uwmcsd1!ig!agate!pasteur!ames!rutgers!webber
Message-ID: <net.rarebit.2@rutgers.edu>

And my system dutifully complied.  I caught the last two before they were
actually sent, but the first one did go.

This is malicious mischief and the perpetrator should be severely punished.
Someone suggested that "net.rarebit" was a forgery and if it is, it's
intended to flood Bob Webber's mailbox, punishable malicious mischief.
Anyone who knows enough to do it knows better.

I am of the opinion that it is not a forgery, that it _is_ Bob Webber and
he has certainly been around long enough to know better, intentional
malicious mischief.  He should be punished, by his news administrator, not
the net.

The sendsys that did go out from ssbn was minuscule, but if you think about
a site with a big sys file, all of the sites who got it, three times, I
think it's a gross abuse of net privileges.  I was less irritated before
I read the control messages.  This person needs a news administrator to
land on them and soon.
-- 
Bill Kennedy  Internet:  bill@ssbn.WLK.COM
                Usenet:  { killer | att-cb | ihnp4!tness7 }!ssbn!bill

wisner@killer.UUCP (Bill Wisner) (06/23/88)

Think about what you're saying, Mr. Kennedy. Webber could not have posted
those sendsys messages anyway; he's not a news administrator. But, you say,
he could have gotten by that little restriction.

Of course he could have. But just look at the headers! He is NOT
webber@rutgers.edu or rutgers!webber; in fact, I think there are a total
of something like five people who actually have accounts on rutgers itself.
Webber is at athos, or aramis, or porthos, or even constance. Not rutgers.
-- 
Bill Wisner
..!{ames,decwrl,mit-eddie,osu-cis,rutgers}!killer!wisner

larry@kitty.UUCP (Larry Lippman) (06/23/88)

In article <106@carpet.WLK.COM>, bill@carpet.WLK.COM (Bill Kennedy) writes:
> I am irritated by something that happened today as I am sure other news
> administrators were.  I hope that I have not added to the flood if there
> is one.  I recall something similar about a portal user.  I got three
> sendsys messages:

	`Kitty' also received three separate sendsys requests all on the
same day.  I thought it unusual, but was not particularly irritated by
it.  I WAS rather irritated about a similar happening about a year ago
to a site to which we used to distribute news and mail - since our site
happened to pass the majority of the sendsys responses back to the originator
(I'm talking about some MEGAbytes worth of sendsys response traffic for
which we had to pay the toll costs.)
	The moral of the story is that sendsys messages on a netwide basis
generate HUGE amounts of traffic - and sendsys messages should not be sent
without damn good reason.

<>  Larry Lippman @ Recognition Research Corp., Clarence, New York
<>  UUCP:  {allegra|ames|boulder|decvax|rutgers|watmath}!sunybcs!kitty!larry
<>  VOICE: 716/688-1231        {hplabs|ihnp4|mtune|utzoo|uunet}!/
<>  FAX:   716/741-9635 {G1,G2,G3 modes}   "Have you hugged your cat today?" 

webber@porthos.rutgers.edu (Bob Webber) (06/23/88)

In article <106@carpet.WLK.COM>, bill@carpet.WLK.COM (Bill Kennedy) writes:
>...[re the sendsys messages available everywhere in /usr/spool/news/control]
> This is malicious mischief and the perpetrator should be severely punished.

Well, not ``severely'' punished.  I would be quite happy to just log
into their ``home'' system from time to time and explore it in the manner
they seem to be exploring the news software.

> Someone suggested that "net.rarebit" was a forgery and if it is, it's
> intended to flood Bob Webber's mailbox, punishable malicious mischief.

I know of no net.rarebit postings other than ones occurring in news.*
with Sender: clearly indicating webber@aramis.rutgers.edu.  So far, the
only forgeries I have seen are those that came in the control group.
Doubtless they were intended to flood my mailbox -- much as Spafford
did last summer with his call for a vote of confidence (plus request
that a cc of each vote go to me).  

> Anyone who knows enough to do it knows better.

Obviously this is not true.

> I am of the opinion that it is not a forgery, that it _is_ Bob Webber and
> he has certainly been around long enough to know better, intentional
> malicious mischief.  He should be punished, by his news administrator, not
> the net.

An amusing opinion.  Quite wrong.  Now if their return address had
been the mail addresses of each of the moderators, I would understand
such an opinion (it would still be wrong -- but it would be
understandable).  Of course, this posting claiming to come from you
might itself be a forgery since the opinions expressed hardly fit in
with those expressed earlier when nominating me as ``keeper of the
votes.''  Then again, perhaps the weather isn't fair today in your
neck of the woods.

> I read the control messages.  This person needs a news administrator to
> land on them and soon.

Assuming you mean whoever sent the sendsys message, then I would agree
that it is clear that using the net mail facilities in this manner is
not an idea that should be encouraged.  On the other hand, at the
moment I have a rather low opinion of the people who set up the system
so that it could be so easily abused.  It is hard to see a way to
interpret this in the manner advised by Hanlon's Razor (cf
/usr/games/lib/fortunes.dat).  In theory there should be enough
information in various places on the net to establish rather well who
did this, even under the current setup.  Already enough information
has been collected to convince the local admins that it was not
generated from rutgers.edu.

------ BOB (webber@athos.rutgers.edu ; rutgers!athos.rutgers.edu!webber)

nyssa@terminus.UUCP (The Prime Minister) (06/23/88)

In article <106@carpet.WLK.COM> bill@carpet.WLK.COM (Bill Kennedy) writes:
>I am irritated by something that happened today as I am sure other news
>administrators were.  I hope that I have not added to the flood if there
>is one.  I recall something similar about a portal user.  I got three
>sendsys messages:
>
>Path: ssbn!killer!osu-cis!tut.cis.ohio-state.edu!husc6!bbn!uwmcsd1!ig!agate!ucbvax!rutgers!webber
>>From: webber@rutgers.edu (Net.Rarebit)
>Subject: sendsys

Don't feel bad, I got four.

Path: terminus!ulysses!thumper!faline!bellcore!tness7!killer!osu-cis!tut.cis.ohio-state.edu!husc6!bbn!uwmcsd1!ig!agate!ucbvax!rutgers!webber
From: webber@rutgers.edu (Net.Rarebit)
Message-ID: <net.rarebit.3@rutgers.edu>

Path: terminus!ulysses!thumper!faline!bellcore!tness7!killer!osu-cis!tut.cis.ohio-state.edu!bloom-beacon!husc6!uwvax!dogie!uwmcsd1!ig!agate!ucbvax!ucsd!sdcsvax!rutgers!webber
From: webber@rutgers.edu (Net.Rarebit)
Message-ID: <net.rarebit.4@rutgers.edu>

Path: terminus!ulysses!thumper!faline!bellcore!rutgers!webber
From: webber@rutgers.edu (Net.Rarebit)
Message-ID: <net.rarebit.1@rutgers.edu>

Path: terminus!ulysses!andante!mit-eddie!bbn!uwmcsd1!ig!agate!pasteur!ames!rutgers!webber
From: webber@rutgers.UUCP
Message-ID: <net.rarebit.2@rutgers.edu>

All arrived in the wee hours, so four copies of the sys file were sent.

With stupid things like this going on, is it any wonder that sites such
as AT&T are making restrictions?
-- 
James C. Armstrong, Jr.		{ulysses,other backbone}!terminus!nyssa

bill@carpet.WLK.COM (Bill Kennedy) (06/24/88)

In article <4552@killer.UUCP> wisner@killer.UUCP (Bill Wisner) writes:
>Think about what you're saying, Mr. Kennedy. Webber could not have posted
>those sendsys messages anyway; he's not a news administrator. But, you say,
>he could have gotten by that little restriction.

Bill's quite right, of course.  I don't think I was entirely unjustified
in suspecting that Bob did it, but I was dead wrong.  Bill and Bob have
already pointed that out.  I have apologized to Bob for `accusing' him, I thought
it was clear I only `suspected' him.  The difference must be too fine.

>Of course he could have. But just look at the headers! He is NOT
>webber@rutgers.edu or rutgers!webber; in fact, I think there are a total
>of something like five people who actually have accounts on rutgers itself.
>Webber is at athos, or aramis, or porthos, or even constance. Not rutgers.

Correct again.  Bob's article says he only got a megabyte or so, and that
reinforces my real complaint.  It's not the replies that are at issue, it's
the discussion that ensues.  If we find and stop the forger then the
discussion dries up.  I still think it is a childish prank and that the
news administrators should find out who did it and stop them.  I sincerely
hope that Bob's suggestion that a backbone administrator did it is wrong.
That would, in my opinion, be beneath their dignity.  I'll not clutter
further with discussion I've already objected to.

On the positive side it would be useful to me and similar minimally skilled
news administrators to have someone post some tips on how to prevent such
folly.  I feel fairly sure that a reader at ssbn could have done it, sure
enough to check the logs to make sure they hadn't.  Are there ways we should
set up permissions so that only the news administrator can easily do some
things?  We have seen enough forgeries in the last few weeks to justify
an article in this group on ways to make them harder to do.  RTFM doesn't
help, TFM is silent on this topic.  Maybe Rick will post something when he
gets back from SF, I hope so.  I also hope it isn't as clumsy as having
to apply all of control by hand.
-- 
Bill Kennedy  Internet:  bill@ssbn.WLK.COM
                Usenet:  { killer | att-cb | ihnp4!tness7 }!ssbn!bill

romain@pyrnj.uucp (Romain Kang) (06/24/88)

As a netnews neighbor of rutgers, I find it very unusual that
<net.rarebit.1@rutgers.edu> would have been passed to my site from
rutgers, especially if it is truly a forgery.  However, a clever
miscreant could have done it with NNTP or UUCP if he/she/it has
such connections to rutgers.

Jun 22 15:23	pyrdc	received <net.rarebit.1@rutgers.edu> ng news.admin.ctl subj 'sendsys' from webber@rutgers.edu (Net.Rarebit)
Jun 22 19:14	rutgers	Duplicate article <net.rarebit.1@rutgers.edu> rejected. Path: rutgers!webber

Even though pyrnj first received the article via
pyrdc!uunet!husc6!rutgers!webber, we already see a lot of comp.mail.maps
articles coming through that path also.  It may be noteworthy that we
received the 4 messages in the order 3 4 2 1, all through different
paths.  Whoever sent the <net.rarebit.?@rutgers.edu> series has a
thorough, devious mind, with a knack for obfuscatory tactics.

I cannot judge whether Dr. Webber is innocent or guilty.  I find it
disappointing that Webber, someone with a gift for original thought
(such as USENET could use) has decided to apply himself to creating
havoc, rather than productive efforts.  The same may be said for the
originator of the sendsys messages.  These activities are childish
and beneath contempt.  I will refrain from further comment.

Romain Kang			{allegra,cmcl2,pyramid,rutgers}!pyrnj!romain
Pyramid Technology Corp. /  10 Woodbridge Center Dr. /  Woodbridge NJ  07095

webber@porthos.rutgers.edu (Bob Webber) (06/24/88)

In article <1192@pyrnj.uucp>, romain@pyrnj.uucp (Romain Kang) writes:
> As a netnews neighbor of rutgers, I find it very unusual that
> <net.rarebit.1@rutgers.edu> would have been passed to my site from
> rutgers, especially if it is truly a forgery.  However, a clever
> miscreant could have done it with NNTP or UUCP if he/she/it has
> such connections to rutgers.

Yeah.  The other thing pointing to someone close to the Rutgers system
is that this all seems to have begun near the time Mel was boarding
a plane for Usenix (he skipped the tutorial sessions).  Ain't idle
speculation fun.

> articles coming through that path also.  It may be noteworthy that we
> received the 4 messages in the order 3 4 2 1, all through different

Well, we received them like:

Script started on Thu Jun 23 22:25:45 1988
porthos[2,1] pwd
/aramis/usr/spool/news/control
porthos[2,2] grep net.rare *
9495:Message-ID: <net.rarebit.1@rutgers.edu>
9496:Message-ID: <net.rarebit.3@rutgers.edu>
9497:Message-ID: <net.rarebit.4@rutgers.edu>
9499:Message-ID: <net.rarebit.2@rutgers.edu>
porthos[2,3] grep Date: 949[5679]
9495:Date: 20 Jun 88 22:20:20 GMT
9496:Date: 20 Jun 88 22:20:20 GMT
9497:Date: 20 Jun 88 22:20:20 GMT
9499:Date: 20 Jun 88 22:20:20 GMT
porthos[2,4] grep Path: 949[5679]
9495:Path: aramis.rutgers.edu!rutgers!webber
9496:Path: aramis.rutgers.edu!njin!princeton!udel!rochester!cornell!uw-beaver!mit-eddie!husc6!bbn!uwmcsd1!ig!agate!ucbvax!rutgers!webber
9497:Path: aramis.rutgers.edu!njin!princeton!udel!rochester!bbn!uwmcsd1!ig!agate!ucbvax!ucsd!sdcsvax!rutgers!webber
9499:Path: aramis.rutgers.edu!njin!princeton!udel!rochester!bbn!uwmcsd1!ig!agate!pasteur!ames!rutgers!webber
porthos[2,5] ls -l 949[5679]
-rw-r--r--  1 news          255 Jun 21 20:52 9495
-rw-r--r--  1 news          347 Jun 21 21:45 9496
-rw-r--r--  1 news          326 Jun 21 21:45 9497
-rw-r--r--  1 news          319 Jun 21 21:49 9499
porthos[2,6] exit
porthos[2,7] 
script done on Thu Jun 23 22:29:30 1988

> I cannot judge whether Dr. Webber is innocent or guilty.  I find it
> disappointing that Webber, someone with a gift for original thought
> (such as USENET could use) has decided to apply himself to creating
> havoc, rather than productive efforts.  The same may be said for the
> originator of the sendsys messages.

Actually it is not clear that the originator of the sendsys message
actually meant to create havoc.  Most people seem to have become aware
of all of this because of the message rutgers sends out about the
alias going away rather than from the actual sendsys itself -- and it
is not clear whether the originator was aware of that aspect of it all.

Certainly people who want Usenet to turn into a moderated collection
of comp groups where people can post requests saying to send directly
to them since they don't actually read the groups (i.e., all of Usenet
like comp.sources.wanted), such people would certainly view my vision
(or more accurately, my memory) of Usenet and any ``productive''
efforts toward its encouragement as ``havoc.''  I view unrestricted
online information of ANY kind as a rare and precious resource of the
net and anything that tries to stem that flow (even if the attempt is
backed up with a lot of mumbo jumbo about S/N ratios) as criminal.  The
flow, however, does not need to flow as fast as it currently does [and
I wouldn't be at all surprised if the quality-seekers didn't find that
a slower net with fewer transfers per night resulted in more
interesting postings].  Of course, the ``current administration'' made
its reputation on improving the speed and reliability of mail and news
simultaneously and seems to have difficulty with the concept that
while this might have been a nice thing for mail, it was the worst thing
they could have done for news.

C'est la vie.

---- BOB (webber@athos.rutgers.edu ; rutgers!athos.rutgers.edu!webber)
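
Added example (not written by any poster in this thread): each relaying site prepends its name to Path:, so the hop directly left of the claimed `rutgers!webber` is the first site that recorded handling the article. The Python below groups the Path: lines quoted in the posts above by message and reports that hop for each observer; the function names are this example's own.

```python
from collections import defaultdict

CLAIMED_ORIGIN = ["rutgers", "webber"]  # rightmost Path entries on every copy

# (observer, N in <net.rarebit.N@rutgers.edu>, Path) as quoted in this thread.
OBSERVED = [
    ("aramis", 1, "aramis.rutgers.edu!rutgers!webber"),
    ("aramis", 3, "aramis.rutgers.edu!njin!princeton!udel!rochester!cornell!uw-beaver!mit-eddie!husc6!bbn!uwmcsd1!ig!agate!ucbvax!rutgers!webber"),
    ("aramis", 4, "aramis.rutgers.edu!njin!princeton!udel!rochester!bbn!uwmcsd1!ig!agate!ucbvax!ucsd!sdcsvax!rutgers!webber"),
    ("aramis", 2, "aramis.rutgers.edu!njin!princeton!udel!rochester!bbn!uwmcsd1!ig!agate!pasteur!ames!rutgers!webber"),
    ("terminus", 3, "terminus!ulysses!thumper!faline!bellcore!tness7!killer!osu-cis!tut.cis.ohio-state.edu!husc6!bbn!uwmcsd1!ig!agate!ucbvax!rutgers!webber"),
    ("terminus", 4, "terminus!ulysses!thumper!faline!bellcore!tness7!killer!osu-cis!tut.cis.ohio-state.edu!bloom-beacon!husc6!uwvax!dogie!uwmcsd1!ig!agate!ucbvax!ucsd!sdcsvax!rutgers!webber"),
    ("terminus", 1, "terminus!ulysses!thumper!faline!bellcore!rutgers!webber"),
    ("terminus", 2, "terminus!ulysses!andante!mit-eddie!bbn!uwmcsd1!ig!agate!pasteur!ames!rutgers!webber"),
    ("pyrnj", 1, "pyrdc!uunet!husc6!rutgers!webber"),
]


def first_relay(path, origin=CLAIMED_ORIGIN):
    """Return the hop directly left of the claimed origin, or None."""
    hops = path.split("!")
    # No relay to report if the Path is only the origin or ends differently.
    if len(hops) <= len(origin) or hops[-len(origin):] != origin:
        return None
    return hops[-len(origin) - 1]


def relays_by_message(observations):
    """Map message number -> set of first relays seen across all observers."""
    seen = defaultdict(set)
    for _observer, number, path in observations:
        relay = first_relay(path)
        if relay is not None:
            seen[number].add(relay)
    return dict(seen)


def single_entry_point(observations):
    """Messages for which every observer saw the same first relay."""
    grouped = relays_by_message(observations)
    return {n: next(iter(r)) for n, r in grouped.items() if len(r) == 1}


if __name__ == "__main__":
    for number, relays in sorted(relays_by_message(OBSERVED).items()):
        print(f"net.rarebit.{number}: first relay(s) {sorted(relays)}")
```

For messages 2, 3 and 4 every observer reports a single site next to the claimed origin (ames, ucbvax and sdcsvax respectively), which is where an administrator would start asking for logs; message 1 shows three different neighbours.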

weemba@garnet.berkeley.edu (Obnoxious Math Grad Student) (06/24/88)

In article <109@carpet.WLK.COM>, bill@carpet (Bill Kennedy) writes:
>								I sincerely
>hope that Bob's suggestion that a backbone administrator did it is wrong.
>That would, in my opinion, be beneath their dignity.

That may be your opinion, but it's dead wrong.  I'm not naming names,
but long ago someone way up there in net.heaven once posted the Purity
Test to net.test from a user ID that was actually the start of a
complicated mail-forwarding route to someone else up there in net.heaven.

ucbvax!garnet!weemba	Matthew P Wiener/Brahms Gang/Berkeley CA 94720

erict@flatline.UUCP (j eric townsend) (06/25/88)

In article <6142@terminus.UUCP>, nyssa@terminus.UUCP (The Prime Minister) writes:
> In article <106@carpet.WLK.COM> bill@carpet.WLK.COM (Bill Kennedy) writes:
> > ...I got three
> >sendsys messages:

> Don't feel bad, I got four.


I feel bad, I didn't get any... :-(  (or :-)?

I wonder who all *did* get them... was it derived from everyone posting
in news.bitch.about.names.of.groups on 4Jun?  Or was it a simple 
"for every machine in the pathalias database, do a sendsys.."?


-- 
                                        Skate UNIX or go home, boogie boy...
"But why should I type "rm -r $HOME" if I want to play trek???"
J. Eric Townsend ->uunet!nuchat!flatline!erict smail:511Parker#2,Hstn,Tx,77007
             ..!bellcore!tness1!/