Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!zaphod.mps.ohio-state.edu!cis.ohio-state.edu!pacific.mps.ohio-state.edu!linac!att!ucbvax!CAYMAN.COM!brad
From: brad@CAYMAN.COM
Newsgroups: comp.protocols.appletalk
Subject: Re: Cayman's 'Watch' is security threat.
Message-ID: <9105221356.AA03053@cuba.Cayman.COM>
Date: 22 May 91 13:56:08 GMT
References: <9105142111.AA08420@aquarium.ecn.purdue.edu>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 34

Humm. Good thing I didn't add the "reconstruct telnet session with
vt100 emulation" (which I had thought about doing ;-)

As the author of Watch, I feel inclined to comment. I don't have *the*
answer, rather some comments...

- The benefit most of our customers have received from using watch has
  been large. They can capture packets when problems arise, send them
  to us and we can help them solve problems. That's why I wrote it.

- As with any "sharp" tool, it can be misused. Perhaps decoding the
  telnet sessions and displaying the actual data was not a good idea,
  but the data is there in the hex dump anyway, so...

- MIT's "netwatch" or whatever it's called has been available for
  years and would allow you to do the same thing. It runs on a PC.
  There seem to be a lot more PC's with ethernet cards around than
  Mac's with ethernet cards (but, perhaps the Mac is easier to use and
  then abuse... ;-)

- One solution which places like MIT use is to run rlogin with
  kerberos. My understanding is that this works with all the BSD
  derived systems (sun, ultrix, etc) and never sends any passwords in
  clear text. If you use telnet, you get passwords in clear text. I
  don't know if there is a version of NCSA which does rlogin with
  kerberos (but if there isn't, I'll offer to create one)

- I agree with the person who said, "the problem is not with the tool,
  it's with the server"; I realize this may be a non-solution for you
  (i.e. you've got a lot of existing servers which can't be changed
  easily).

-brad