Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83 SMI; site suneast.uucp Path: utzoo!watmath!clyde!burl!ulysses!bellcore!decvax!linus!security!sunne!suneast!geoff From: geoff@suneast.uucp (Geoff Arnold) Newsgroups: net.micro,net.lan Subject: License violation detection Message-ID: <141@suneast.uucp> Date: Tue, 18-Mar-86 11:20:12 EST Article-I.D.: suneast.141 Posted: Tue Mar 18 11:20:12 1986 Date-Received: Sat, 22-Mar-86 05:08:01 EST Organization: Sun Microsystems Inc. - East Coast Division Lines: 55 Xref: watmath net.micro:14077 net.lan:1366 I'm interested in feedback on the question of license violation detection for networking software. We're putting together a product in which (1) we have access to only UDP/IP (and not much memory) and (2) we need to enforce some kind of copy protection. Now we all know where the industry is (rightly) heading on obnoxious forms of copy protection (hard disk installations which rely on hardware bugs, key disks with laser burns, etc.), but with a networking product we have the problem that the product itself provides the means for facilitating its own rip-off! So.... Our first thought was to create our own protocol, but that seemed like an instant loser... Then scanning the stuff from SRI, I noticed RFC863, the Discard Protocol. Anything coming in on UDP port 9 gets dropped, right? Well, is there anything wrong with us taking a peek at it first? Sooo..... What we're planning to do is broadcast a packet with our serial number (plus a suitably recognizable string) to UDP port 9. Any copy of our product that gets a Discard packet checks it: if it's one of ours, and if the serial number matches its own, it (i) displays a "License Violation Detection" message, and (ii) if the packet was a broadcast, it fires off a non-broadcast copy to the originator, who will also display a message. We'll do this just once, after our software has been installed. Obviously we only hit systems on our local Ethernet, but in most cases that should prove adequate. Questions: (1) How do the protocol gurus feel about this kind of use of the Discard Protocol? (2) How would you, as a user, feel about the scheme? (3) Is a one-time warning (probabilistic only - this is UDP) as tough as we should get? Obvious escalations include repeating the message at (decreasing) intervals, disabling our product (but not the system), or bringing the system to a grinding halt? One problem: we can't tell the original from the copy, so we can't choose a single victim. We're planning to report the IP and Ethernet address of the system running the "other" copy, so system administrators can chase down renegade users... (4) Vendors: is there a place for a formally-defined protocol for doing this kind of license enforcement within Internet networks? Vendors writing for Un*x have other options open to them, such as broadcast RPC using Sun's (public domain) protocols. Are these sufficient? (5) A sudden thought - does anybody NOT implement the Discard Protocol? Any(?) 4.2-based system should include it in /etc/services, but how about others? Am I going to get hit up with lots of ICMP as a result of broadcasting a Discard datagram? I think there are enough issues involved that followups are more appropriate than the usual "Reply by mail; I'll summarize" approach. -- "To disclaim, or not to disclaim... " <<<<<< Geoff Arnold, Sun Microsystems Inc. (East Coast Division) >>>>>> SnailMail: One Cranberry Hill, Lexington, MA 02173; 617-863-8870 x136 UUCP: {hplabs,ihnp4,nsc,pyramid,decwrl}!sun!suneast!geoff