Path: utzoo!attcan!uunet!ncrlnk!ncrcae!hubcap!gatech!galbp!wittsend.LBP.HARRIS.COM!mhw From: mhw@wittsend.LBP.HARRIS.COM (Michael H. Warfield) Newsgroups: comp.protocols.tcp-ip Subject: Re: RFC on Internet "Virus", Please Message-ID: <6466@galbp.LBP.HARRIS.COM> Date: 8 Nov 88 19:59:15 GMT References: <8811071522.AA15390@csc-lons.arpa> Sender: news@galbp.LBP.HARRIS.COM Reply-To: mhw@wittsend.UUCP (Michael H. Warfield) Distribution: na Organization: Harris/Lanier Network Knitting Circle Lines: 25 In article <8811071522.AA15390@csc-lons.arpa> scottr@CSC-LONS.ARPA (Scott W. Rogers) writes: >One suggestion is not to place this RFC in the "public" domain, but to >have some intity maintain it and only send it on request. Possible >checking out the 's credentials/identity of the requestor first! There is always the problem of "checking out the credentials" and who get excluded (when they by rights should be included) and what determined cracker is going to conive his way past the check. This has been under discussion in news.sysadmin concerning the two security mailing lists. The one on zardoz is open to any "system administrator" while the one on isis requires at least one recommendation from the sysadmin on a well recoginized site outside of your organization. Neither is likely to be fool proof (the fools are just to damn ingenious) and I would argue that the crackers have a better grapevine for getting information than browsing through usnet. Admittedly, in some cases security is mandated. The isis list may well be carrying information for which there may be no immediate or practical fix or work-around. It justifiably needs more security than the list on zardoz which should be dealing with more practical preventative recommendations and warnings (hopefully no messages of the "If they do this your dead and there's nothing we can do to stop them!" sort). Michael H. Warfield (The Mad Wizard) | gatech.edu!galbp!wittsend!mhw (404) 270-2123 / 270-2098 | mhw@wittsend.LBP.HARRIS.COM An optimist believes we live in the best of all possible worlds. A pessimist is sure of it!