Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!spool.mu.edu!munnari.oz.au!mel.dit.csiro.au!latcs1!wcc!tom From: tom@wcc.oz.au (Tom Evans) Newsgroups: comp.protocols.appletalk Subject: Re: Cayman's 'Watch' is security threat. Message-ID: <1743@wcc.oz.au> Date: 16 May 91 06:28:39 GMT References: <23491.9105141352@crete.dcs.glasgow.ac.uk> Organization: Webster Computer Corp, Melbourne, Australia Lines: 37 In article <23491.9105141352@crete.dcs.glasgow.ac.uk>, inei@cs.glasgow.ac.uk (Nick Nei) writes: > > What I dread has finally happened - our students have discovered > Cayman's Watch program and with glee watched user's login passwords... The "proper solutions" to this have been covered (encryption, two-way passwords etc.). Here's a less serious suggestion (with obvious problems :-). Classify "unauthorised use" of Watch, Peek et.al. as being the same as a Virus. Persuade the authors of commercial virus-checking INITs/apps to check for the presence of network monitoring programs (that open the network hardware in "promiscuous" mode) and do something appropriate. moyman@ECN.PURDUE.EDU (Mike Moya) writes: > What I would very much like to see (and VERY trivial to do by the > developers of these programs) is that all of these programs (Watch, > ApplePeek, etc...) that sniff the AppleTalk NBP *REGISTER* themselves on > the NET. I agree, but I thought that all these programs "took over" the hardware, thus preventing any other activity (like responding to an NBP LookUp) on that Mac. Might be impossible unless the monitoring program independently interprets received packets and duplicates the NBP layer. How about requiring ALL Macs to run Responder, and have a central monitoring program look for and log Macs that have gone "off air" (Responder not responding). This could be done with the CAP programs getzones, atlook and a small shell script (which sends you mail). You can then appear behind perpetrators and look over their shoulder and pointedly ask what they're doing. This might deter them somewhat. ======================== Tom Evans tom@wcc.oz.au ** ADD ".au" MANUALLY (don't trust "reply") ** Webster Computer Corp P/L, 1270 Ferntree Gully Rd Scoresby, Melbourne 3179 Victoria, Australia 61-3-764-1100 FAX ...764-1179 A.C.N. 004 818 455