Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uwm.edu!linac!att!ucbvax!ECN.PURDUE.EDU!moyman
From: moyman@ECN.PURDUE.EDU (Mike Moya)
Newsgroups: comp.protocols.appletalk
Subject: Re: Cayman's 'Watch' is security threat.
Message-ID: <9105142111.AA08420@aquarium.ecn.purdue.edu>
Date: 14 May 91 21:11:04 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 28

What I would very much like to see (and VERY trivial to do by the
developers of these programs) is that all of these programs (Watch,
ApplePeek, etc...) that sniff the AppleTalk NBP *REGISTER* themselves on
the NET. That way anybody else with an ounce of programming knowledge and
can read IMXX can write a trivial watchdog program that simply looks for
the registration of any "sniffing" programs running on the AT net... It
would never stop somebody from writing their own (not *that* tough)
sniffer, but much tougher to do than downloading an app. Granted it's not a
perfect solution (and older copies would remain out there) BUT, IMHO it
would be one more level of protection.

So, what *could* be done:
        1) PD programs that sniff the AT register themselves at startup:
                ...like "ChooserName:Watch@*" for Watch
                ...or "ChooserName:ApplePeek@* for ApplePeek (You get the
idea)
        2) PD sites remove older copies and put on the newer.
        3) Write a watchdog program to monitor AT for PD rogue sniffer apps
running.


Just a thought...
--moya

--Mike Moya 
--Macintosh Systems and Networking
--Engineering Computer Network, Purdue University
--moyman@ecn.purdue.edu