Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!wri!dragonfly.wri.com!ben
From: ben@wri.com (Ben Cox)
Newsgroups: comp.admin.policy
Subject: Re: RFC on my "abuse"
Message-ID: <ben.677904030@dragonfly.wri.com>
Date: 26 Jun 91 02:40:30 GMT
References: <1991Jun25.154257.7452@m.cs.uiuc.edu> 	<1991Jun25.173013.3784@mp.cs.niu.edu> 	<1991Jun25.192914.23335@cs.utk.edu> <JGREELY.91Jun25172338@morganucodon.cis.ohio-state.edu>
Organization: Wolfram Research, Inc.
Lines: 25

jgreely@morganucodon.cis.ohio-state.edu (J Greely) writes:

>>worst.  But any site admin that freaks out over the occasional attempt
>>hasn't got a firm grasp on reality.

>Actually, they may have a firmer grip than you.  Older versions of
>ftpd had holes big enough to drive a truck through.  If I spotted
>someone out at bfe.edu attempting to connect to each of our machines
>in turn, I'd be more than a little suspicious, and would probably send
>mail to the admins there asking them to check it out.

Once, I had to install a UUCP connection.  I tried to test it out.  I got
mail from Rick Adams (!) telling my that my attempts at "testing" security
of UUNET were not considered friendly.  It turns out that the thing I used to
test our UUCP connection used to be a bug and would have, in the olden days,
allowed me access, but had since been fixed.  UUNET had assumed I was testing
for the presence of this bug, when in fact, I was totally unaware of the bug,
and was simply trying to test our connection (I had been expection a message
back telling me my uux failed, but never got it).

The moral of the story: sometimes your actions look much more suspicious than
you think they do.

-- Ben Cox
   ben@wri.com