Return to index: [Subject] [Thread] [Date] [Author]

Re: ARPA

[Subject Prev][Subject Next][Thread Prev][Thread Next]
>Stuart McClure is president and CTO and Joel Scambray
>is Managing Principal at security consultant Foundstone 
You want to watch out for these guys--the same people who brought us the 
doomsday Y2K scenarios. Security is important, and maybe it takes a 
doomsday prediction to get the PhB's out of the quarterly reports. My own 
opinion is that a Maginot line strategy is no better now than in 
1940--you only learn about weak points when the opposition shows up 
inside. Tracking open links and insecure servers so the people who run 
them can seal off the gaps makes it just that much harder for hackers to 
skip from machine to machine. And it helps get spam and other rogue 
accounts closed or at least identified. 

I've gotten a couple of spams recently which apparently originated from 
an ARPA server or one that identified itself with ARPA in the dns name. 
I'm pretty much certain it was either an inadvertent open relay or a 
spoofed name. Whatever secret plot ARPA is hatching, I doubt it includes 
sending out ads for porn sites or organic viagra or whatever. BTW 
relaying access is nothing new. Cliff Stoll's book _The Cuckoo's Egg_ 
outlines a similar series of attacks more than 10 years ago. Turns out it 
was bug in UNIX in that case. The really interesting part wsa the 
ignorance on the part of people who should have been running things. 
PhB's don't change, I guess.

Christopher Wright P.E.    |"They couldn't hit an elephant from
chrisw(--nospam--at)skypoint.com        | this distance"   (last words of Gen.
___________________________| John Sedgwick, Spotsylvania 1864)
http://www.skypoint.com/~chrisw