Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!uunet!husc6!psuvax1!gondor.psu.edu!flee From: flee@gondor.psu.edu (Felix Lee) Newsgroups: news.admin,misc.legal Subject: Re: A challenge for those who believe that the network has security Message-ID: <3016@psuvax1.psu.edu> Date: Thu, 22-Oct-87 23:02:26 EST Article-I.D.: psuvax1.3016 Posted: Thu Oct 22 23:02:26 1987 Date-Received: Sun, 25-Oct-87 15:14:32 EST References: <3974@watdcsu.waterloo.edu> Sender: netnews@psuvax1.psu.edu Reply-To: flee@gondor.psu.edu (Felix Lee) Followup-To: news.admin Organization: The Roadside Picnic Lines: 40 Xref: mnetor news.admin:1232 misc.legal:3269 In article <3974@watdcsu.waterloo.edu> magore@watdcsu.waterloo.edu (Mike Gore, Institute Computer Research - ICR) writes: > Here is a small part of the history log from watdcsu showing that >article 4000 doesn't exist - yet. [...] > It's obvious that the poster thus made a silly mistake in his attempt >to fake the posting in question. I think the faker should have used a larger number. As it is, if someone at watdcsu does post article 4000 within a month, it'll never reach psuvax1. If the poster had used 3974, I'd never have seen Mike Gore's posting. I agree that a completely undetectable fake is nearly impossible. (If it were perfect, would it be fake?) But it's easy to cause a great deal of confusion. Say I flood the net with bogus cancel messages from watdcsu, using every other article number from 3974 to 4100, and scattered random numbers up to 30000. Do you look at cancel messages in control? I'm curious. How easy is it to trace <4000@watdcsu.waterloo.edu>? Here are two paths, the local path and the one that Mike Gore posted. > Path: psuvax1!rutgers!ho95e!homxb!ihnp4!cbosgd!clyde!watmath!watdcsu!magore > Path: ukma!rutgers!ho95e!homxb!ihnp4!cbosgd!clyde!watmath!watdcsu!magore I wouldn't put too much significance to the fact that everything from rutgers to watdcsu is the same--a good portion of our news comes from rutgers over NNTP. The questions are: 1) where was it inserted; 2) what machine did it originate from; 3) what user faked the message; 4) what interface was used. If you're interested, send me your versions of the Path:. If you're one of the machines on the paths above, grep for <4000@watdcsu.waterloo.edu> in your history file and mail me the result. I'm almost afraid this will start off a contest of fake articles. Maybe someone should forge a 'newgroup news.fake' to contain them before it goes too far:-). -- Felix Lee flee@gondor.psu.edu {cbosgd,cmcl2}!psuvax1!gondor!flee To have a reason to get up in the morning, it is necessary to possess a guiding principle. A belief of some kind. A bumper sticker, if you will. [Judith Guest, Ordinary_People]