cjs@po.CWRU.Edu (Christopher J. Seline) (02/27/91)
Well...I tried to post the source code to a program I'd written
to a local USENET board here at CWRU...the program demonstrated how to put
packets onto and take packets off of our campus wide ethernet.
The program was summarily deleted from the board and I was..well...looks
like they threatened me.....anyway....the message follows....please feel
free to write to the the fellow who deleted the program "jag@po.cwru.edu",
and his boss "rkn@po.cwru.edu".
[start included material]
Article #1210 (1213 is last):
>Newsgroups: cwru.ins.general
From: jag@po.CWRU.Edu (Jeff Gumpf)
Subject: Interfering with Network Operation
Reply-To: jag@po.CWRU.Edu (Jeff Gumpf)
Date: Tue Feb 26 16:12:28 1991
We have removed a posting by "cjs" of a program that allows one to send raw
Ethernet packets. We suggest that users NOT attempt to use this or any
similar program to send raw packets on the network. We remind users that
any disruption of the network through the use of such programs, intentional
or not, is considered a violation of the University's ethics policy.
Anyone found violating that policy will be brought up on charges to the
appropriate University office. Such activity will result in disciplinary
action up to and including dismissal from the institution.
Jeff
[end included material]
knauer@cs.uiuc.edu (Rob Knauerhase) (02/27/91)
In <1991Feb26.233447.9017@usenet.ins.cwru.edu> cjs@po.CWRU.Edu (Christopher J. Seline) writes: >Well...I tried to post the source code to a program I'd written >to a local USENET board here at CWRU...the program demonstrated how to put >packets onto and take packets off of our campus wide ethernet. First, this is a completely non-technical issue so I'm directing followups to alt.censorship alone. The character above has apparenly graduated from firestarting in cwru.ins.general and has discovered the Usenet at large. Pity. Chris, there is nothing wrong with the free flow of information. However, I think you and I (as well as the cwru.ins.general readership) know that you didn't post that innocently. Your post was (my opinion) calculated not to educate, but to infuriate the Information Network Services people at Case. >The program was summarily deleted from the board and I was..well...looks >like they threatened me.....anyway....the message follows....please feel >free to write to the the fellow who deleted the program "jag@po.cwru.edu", >and his boss "rkn@po.cwru.edu". To the readers of comp.protocols.* and others: A little knowledge is a dangerous thing, and in that respect this fellow is dangerous. His pranks have included instigating personal attacks and playing with reply-to fields and so forth to harass the staff and directorship of Information Network Services. I urge you to ignore his request to further annoy these people. Perhaps alt.censorship is an appropriate place to get into the philosophy of Computing Ethics policies. Chris, if you must invent dirty laundry to hang out, please take it there or keep it in cwru.ins.general... [I hate disclaimers, but here goes:] I have no current affiliation with Case Western Reserve University except as a recent alumnus who keeps current. Lucky for the human race, few people are spoiled enough to have a fiber ethernet port in their dorm rooms and not appreciate it; unfortunately, Mr. Seline doesn't realize that there are responsibilities therewith. Rob Knauerhase, University of Illinois at Urbana-Champaign Department of Computer Science, Gigabit Study Group knauer@cs.uiuc.edu, rck@ces.cwru.edu, knauer@scivax.lerc.nasa.gov
cjs@po.CWRU.Edu (Christopher J. Seline) (02/27/91)
I was originally going to sit out for a few days and take the deserved heat for bringing this up in an international forum; unfortunently, Rob has libeled me and I'll take a moment to respond. In a previous article, knauer@cs.uiuc.edu (Rob Knauerhase) says: >Chris, there is nothin wrong with the free flow of information. However, I >think you and I (as well as the cwru.ins.general readership) know that you >didn't post that innocently. Your post was (my opinion) calculated not to >educate, but to infuriate the Information Network Services people at Case. Nope. Please don't tell me what I was thinking. I wrote a program that puts packets on ethernet and takes responce packets off; the idea that my (or any) program could be modified to send n+1 packets (swamping our 100M FDDI fiber backbone) scared them; my program didn't do that -- but it (And any other program) could be modified to do so. > A little knowledge is a dangerous thing, and in that respect this fellow >is dangerous. His pranks have included instigating personal attacks and >playing with reply-to fields and so forth to harass the staff and directorship >of Information Network Services. I urge you to ignore his request to further >annoy these people. Nope. I've repeatedly posted (in a local board for discussion) my oppinion (based on 15 years in the field) that our local computer administration is inappropriately restricting knowledge and interfering in people's research; I've also stated that the computer administration is out of touch and that they innapropriately ignore the advice and comments of faculty/staff/and grad students (as well as UnderGrads). I've further compared their management to how I managed things when I was root (at another fine institution). I'D LIKE TO APOLOGIZE TO EVERYONE WHO HAS BEEN BOTHERED BY THE WHOLE THING. I INTENDED TO SIT THIS OUT AND TAKE MY DESERVED LUMPS BUT THIS LIBEL NEEDED A RESPONCE.
blknowle@frodo.JDSSC.DCA.MIL (Brad L. Knowles) (02/28/91)
Look Guys, This is getting a little tiresome -- if you want to make general (non-inflamatory) comments on why a particular decision was made, then do so. If you want to tell us about a program that you wrote that we might find useful, then do so. BUT PLEASE KEEP YOUR FLAME WARS OFF THE MAILING LIST(S)! And also please refrain from using all caps to make a point -- I did it above to point out how inapprorpiate it is, but please do not follow my (or Chris's) example. These mailing lists have been set up for one purpose -- so that people who have questions about a particular subject (in this case TCP-IP protocols) can do so and expect that very knowledgeable people might be on the mailing lists and replay to those questions. It is also here to let people who have information on a particular subject can tell others about it, even if there has not been an explicit Rquest For Information on the subject -- if it has something to do primarily with TCP-IP protocols and their support under any particular Operating System, then tell us about it or ask us the question. If what you have to say has very little to do with TCP-IP, then make your statement or ask your question elsewhere. Rob & Chris, please do not misinterpret this post -- I'm not flaming you (yet :-| ), I would just like to make sure that we keep the chaff down to a minimum on this mailing list, and if someone sees your comments without some sort of response of the sort I have presented here, then they might get the wrong idea. Chris, you had every right to tell us about the availablility of your program, and the fact that you had tried to make it publicly available, but politics kept you from doing so. Neither you nor Rob have the right to say whether the Univeristy was correct in their decision to keep it off the publicly available file-space, as that is a matter of opinion. Also, neither of you have the right to take public offense at statements of fact -- they are a matter of fact, and nothing can change that. So long as we keep our statements factual, and police ourselves strongly on matters of opinion, this mailing list will remain useful. The moment everyone (myself included) starts making lots of statements of opinion, no matter whether or not they say that what they have to say is opinion or fact (unless specifically asked for their opinions, and then they should make sure that what they have to say is kept very short and sweet), then this mailing list becomes a vehicle for junk e-mail -- something I'm sure we can all do without. Now, I'll get down off my soapbox! Please do *not* respond! We have enough statements of opinion in this post as it is, and I'll just /dev/null private e-mail on this subject anyway! _____________________________________________________________________________ | Brad Knowles | email: blknowle@frodo.jdssc.dca.mil | | Sun System Administrator | or: blknowle@wis-cms.dca.mil | | DCA/JDSSC/JNSL | W Phone: (703) 693-5849 ____________________| | The Pentagon, Room BE685 | Fax: (703) 693-7329 |Of course, the usual| | Washington, D.C. 20301-7010 | Autovon: 223-5849 |disclaimers apply. | |______________________________|_________________________|____________________|
roy@phri.nyu.edu (Roy Smith) (03/01/91)
[Note: of all the groups the original posting was send to, alt.censorship is the only really relevant one and I've sent directed all followups there. It's clearly not a protocol issue.] cjs@po.CWRU.Edu (Christopher J. Seline) writes: > Well...I tried to post the source code to a program I'd written to a > local USENET board here at CWRU...the program demonstrated how to put > packets onto and take packets off of our campus wide ethernet. The > program was summarily deleted from the board [...] I hesitate to get involved in what is obviously an internal policy decision, but I would tend to agree that the administrators who removed your posting were perfectly withing their rights to do so. There is a serious constitutional issue at stake here, that of free speech. However, I think Christopher has slightly misunderstood the issue. My reasoning goes something along these lines: First, the campus wide ethernet is a shared resource. Proper operation of it depends to a large degree on the cooperation of everybody who uses it. It is fairly trivial for anybody with the proper knowledge and a PC (or a Sun workstation running NIT that they have root permission on, or lots of other things) directly connected to the ethernet to totally disrupt the entire network. This is clearly A Bad Thing. If the university decides to expell somebody who deliberately puts hand-crafted packets on the network and messes things up, that sounds fine to me. It is also besides the point. The university administration is also exercising head-in-the-sand security practices if they think removing the article with the "evil" source code will keep such ethernet tapping/spoofing from happening, but that, too, is rather besides the point. Second, even though you do have the right of free speech, that right does not extend to using somebody else's communication media to spread your message, at their expense. The university paid for the computer on which you posted your program, and clearly they have a right to decide what is a valid use of it. They don't want you to tell other people how to send random packets onto the ethernet, and (regardless of whether or not they are wise in wishing this knowledge kept secret) they certainly have the right to prevent you from using university resources to spread your message. It doesn't matter that your tuition dollars may be going to help pay for the machines; you still don't own them. However, let's say you took a slightly different tack. What if you printed up your source code and went to a local copy shop and xeroxed, at your own expense, 1000 copies and handed them out to students? Let's play it safe and say you aren't even doing the handing out on university property; instead you stand just outside of the campus front gate (not obstructing traffic, etc) on public property. It would probably be more useful to make up 1000 floppy disks with your code on it and hand them out, but that doesn't really change anything. In that case, if the university attempted to stop you, I think you would have an extremely strong case that you are simply exercising your constitutional right to free speech and there isn't anything they can do about it. You could go a step further and find operators of private BBS systems who would be willing to have your code uploaded to their machines and distribute it that way. Or, you could buy your own machine and set up your own BBS. Or you can stand on a street corner with a megaphone and read your code to the masses (I'd really like to see somebody standing on a street corner with a megaphone shouting "Yes, people, I tell you, all you have to do is open a socket with address family AF_NIT as root and bind it to /dev/le0 and do a few ioctl's ..."), or hire a skywriter to draw it in the sky over the computer center. As long as it doesn't involve using university resources, they can't do anything to you to keep you from spreading your message, at your own expense. A somewhat different case exists with public service announcements on TV. In that case, you need a license from the FCC to broadcast, and the number of TV channels that can be allocated in a given area is limited; even if you were willing and able to spend the considerable sum of money needed to set up your own TV transmitter, it wouldn't do you any good. Since that is the case, as a condition of granting a license to a station, the FCC requires that the station allow a certain amout of public service use. You could try to make a case, I suppose, that the campus-wide ethernet is a monopoly similar to a TV channel allocation, and thus the university is required to allow you to post your code as a "public service" but I think the case would be extremely weak indeed and you wouldn't get very far with it, especially considering how easy it is for you to find other distribution methods that are essentially just as good and would cost you a relatively modest sum of money. You could set up a BBS in your dorm room (or, better yet, your off-campus apartment) to distribute the code and I suspect that anybody who could make use of it would have the equipment and know-how to download it. Total outlay to you for a cheap PC and a modem could easily be under $1000; a lot of money for a college student, I guess, but lots of undergraduates CS majors do seem to have their own PCs (many schools even require it, CS major or not). Please note that I am *not* advocating that you send random packets on the ethernet, or that you distribute your code to other people so they can do so. I think doing either would be an extremely irresponsible thing to do. However, there is an important constitutional issue here; namely that you do have the right to distribute information which other people find distasteful, as long as you do it at your own expense. The fine line which many people seem to misunderstand, however, is that you *don't* have the right to force other people to distribute it for you. Free speech doesn't mean that the New York Times has to accept my full-page ad esposing my personal opinion that Saddam Hussain is a nice guy if they don't want to, it just means that I can, if I choose, buy my own printing press and paper and ink and go into the newspaper business myself, if that's the only way I can find to get my ad into print. In my college days, the big censorship deal was whether the ChemE students who wanted to do free paraquat testing (as a public service) should be allowed to advertise their services in the college newspaper. Paraquat, for those who havn't heard of it, was something (a herbicide?) that was once sprayed on marijuana fields by the drug control folks; smoking paraquat tainted pot was very bad for your health. I don't think the idea ever got off the ground, so the issue was a moot point. Among other things, they probably were planning on using the school chem labs to do the testing, which, of course, the school was within their rights to disallow. -- Roy Smith, Public Health Research Institute 455 First Avenue, New York, NY 10016 roy@alanine.phri.nyu.edu -OR- {att,cmcl2,rutgers,hombre}!phri!roy "Arcane? Did you say arcane? It wouldn't be Unix if it wasn't arcane!"
jclark@sdcc6.ucsd.edu (John Clark) (03/06/91)
In article <1991Feb27.144731.23147@usenet.ins.cwru.edu> cjs@po.CWRU.Edu (Christopher J. Seline) writes:
+
+I wrote a program that puts packets on ethernet and takes responce packets
+off; the idea that my (or any) program could be modified to send n+1 packets
+(swamping our 100M FDDI fiber backbone) scared them; my program didn't do
+that -- but it (And any other program) could be modified to do so.
What is so special about such a program. Most intro texts on tcp
inplementation have examples of this. Clearly just writing a piece
of code which talks to various 'echo' services could do the
'swamping'. Big deal.
Of course if you have a way to bring down the net maybe you should
post an article stating the hole in argument that says access to the
net will resonably likely for all users.
--
John Clark
jclark@ucsd.edu