Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!samsung!umich!umeecs!zip!bagchi From: bagchi@eecs.umich.edu (Ranjan Bagchi) Newsgroups: comp.admin.policy Subject: Re: RFC on my "abuse" Message-ID: Date: 25 Jun 91 20:21:20 GMT References: <1991Jun25.154257.7452@m.cs.uiuc.edu> <1991Jun25.173013.3784@mp.cs.niu.edu> Sender: usenet@zip.eecs.umich.edu (Mr. News) Organization: Recreational Creationists, Inc. Lines: 51 In-Reply-To: rickert@mp.cs.niu.edu's message of 25 Jun 91 17: 30:13 GMT In article <1991Jun25.173013.3784@mp.cs.niu.edu> rickert@mp.cs.niu.edu (Neil Rickert) writes: >In article <1991Jun25.154257.7452@m.cs.uiuc.edu> jjones@uiuc.edu writes: >> While I was getting my MS in CS at Arizona State University, I ran into a >>bit of trouble with the Engineering Computing facilities people. Over >>Memorial Day weekend in 1989, I ran a shell script that went through a list >>of internet sites ending in ".com" to see if those sites allowed anonymous >>FTP. In my shell script, so as to not load the networks over-much, I inserted >>a sleep 30 between each attempt. I also deliberately chose a holiday weekend > >Do you ever walk down the street, and as you do so, walk up to each house >and test the front door to see if they left it open? > >I suspect if you ever did this, the local police would not have been as >nice to you as your computer administrator. > >Yet, in effect, this is exactly what you did on the net. Only, worse still >you didn't walk down the street to do this. You drove down the street in >a car that had been provided to you for totally different purposes, thereby >making the owner of the car (that is, the computer center and the university) >unwitting accomplices in your activity. > On the other hand, if you want to go into a McDonalds, do you ask Ronald? Anonymous ftp is a lot more like a corner store (or more to the point a booth giving away free samples) than a private residence. Do you contact the sysadmins of the sites on the anonymous ftp list on comp.misc before attempting to use them? Just because everyone else uses prep.ai.mit.edu for GNU software, have you ever contacted the sysadmins there to ask if they KNOW that "hackers have been putting their warez there"? I don't think anything was wrong with attempting an anonymous ftp to a list of sites. Is anyone being hurt? Compared to NNTP and Mail traffic, ftp has miniscule effect upon the net speed. If security can be compromised, then the sysadmin's got some problems. Frankly, I'm curious that there was any backlash. If all the script did was ftp to a site, and attempt to login once as anonymous with some password, nothing is being tied up, in fact the transaction should take less than a minute. And only happen once per site. Why anyone would be upset by that is weird. -rj -- -------------------------------------------------------------------------------- Ranjan Bagchi - asleep...... | v,i,j,k,l,s,a[99]; bagchi@eecs.umich.edu | main() { ------------------------------- for(scanf("%d",&s);*a-s;v=a[j*=v]-a[i],k=i=s*k&&++a[--i]) ; } /* Osovlanski and Nissenbaum */ --------------------------------------------------------------------------------