Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!samsung!umich!terminator!predator.rs.itd.umich.edu!cmclark
From: cmclark@predator.rs.itd.umich.edu (Charles Clark)
Newsgroups: comp.protocols.appletalk
Subject: Re: Cayman's 'Watch' is security threat.
Message-ID: <1991May17.195516.17707@terminator.cc.umich.edu>
Date: 17 May 91 19:55:16 GMT
References: <23491.9105141352@crete.dcs.glasgow.ac.uk> <1743@wcc.oz.au>
Sender: usenet@terminator.cc.umich.edu (usenet news)
Organization: U of Michigan, ITD Research Systems
Lines: 33

tom@wcc.oz.au (Tom Evans) writes:
>
>Classify "unauthorised use" of Watch, Peek et al. as being the same as
>a Virus. Persuade the authors of commercial virus-checking INITs/apps
>to check for the presence of network monitoring programs (that open
>the network hardware in "promiscuous" mode) and do something appropriate.

Like what? Not let you use your network? So then anybody who can
start up a "sniffer" can instantly blow away everyone else's ability
to use their network? Cool <-sarcasm

>moyman@ECN.PURDUE.EDU (Mike Moya) writes:
>> What I would very much like to see (and VERY trivial to do by the
>> developers of these programs) is that all of these programs (Watch,
>> ApplePeek, etc...) that sniff the AppleTalk NBP *REGISTER* themselves on
>> the NET.
>
>I agree, but I thought that all these programs "took over" the
>hardware, thus preventing any other activity (like responding to an
>NBP LookUp) on that Mac.

Say what? This would basically make all "sniffer" products worthless.
If I am trying to debug network problems by capturing packets, and my
presence on the net *changes* how the other machines are acting, then
it would be a poor debugging tool, wouldn't it?

>How about requiring ALL Macs to run Responder, and have a central
>monitoring program look for and log Macs that have gone "off air"
>(Responder not responding).

Except that there are myriad reasons why Macs go "off air"...

cmc