Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!think.com!paperboy!hsdndev!dartvax!news From: Jim.Matthews@dartmouth.edu (Jim Matthews) Newsgroups: comp.protocols.appletalk Subject: Re: Cayman's 'Watch' is security threat. Message-ID: <1991May15.125629.1510@dartvax.dartmouth.edu> Date: 15 May 91 12:56:29 GMT References: <9105142111.AA08420@aquarium.ecn.purdue.edu> Sender: news@dartvax.dartmouth.edu (The News Manager) Reply-To: Jim.Matthews@dartmouth.edu (Jim Matthews) Organization: Dartmouth Software Development Lines: 27 In article <9105142111.AA08420@aquarium.ecn.purdue.edu>, moyman@ECN.PURDUE.EDU (Mike Moya) writes: > What I would very much like to see (and VERY trivial to do by the > developers of these programs) is that all of these programs (Watch, > ApplePeek, etc...) that sniff the AppleTalk NBP *REGISTER* themselves on > the NET. This trick is anything but trivial. An sniffer typically works by bypassing all the standard network drivers and putting the network hardware in "promiscuous" mode so that it will capture all the packets on the wire. To make it respond to some of those packets (i.e. NBP lookups with a certain name) would require a re-implementation of a subset of NBP and DDP (since the .MPP driver won't be around to take PRegisterName calls). Not only that, but looking for and responding to those packets would probably cause the sniffer to miss other packets. A better answer (IMHO) is to stay away from monolithic networks (i.e. 1000 users on an ethernet segment) so only a small fraction of the user population can be monitored from any given location. People should also try to move away from systems that require the sending of clear-text passwords (i.e. standard Unix logins) towards client-server systems that support random-number exchange (i.e. Kerberos, AppleShare). This is much easier said than done, of course. But networks are never going to be secure from people who have access to the media, and software systems should evolve to deal with that. Jim Matthews Dartmouth Software Development