Xref: utzoo comp.protocols.tcp-ip:5337 comp.unix.wizards:12398
Path: utzoo!attcan!uunet!ncrlnk!ncr-sd!hp-sdd!ucsdhub!ucsd!rutgers!cmcl2!adm!smoke!gwyn
From: gwyn@smoke.BRL.MIL (Doug Gwyn )
Newsgroups: comp.protocols.tcp-ip,comp.unix.wizards
Subject: Re: Morris Tech Report
Message-ID: <8882@smoke.BRL.MIL>
Date: 14 Nov 88 09:11:18 GMT
References: <8419@alice.UUCP>
Reply-To: gwyn@brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>)
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 19

In article <8419@alice.UUCP> dmr@alice.UUCP writes:
>Those interested in earlier works of Robert T. Morris,
>or interested in network security in general, might wish
>to read AT&T Bell Laboratories CSTR #117, "A Weakness in the
>4.2BSD Unix TCP/IP Software," by Robert T. Morris,
>dated Feb. 25, 1985.  ...

I also recommend this CSTR.  By the way, I don't know why the CSTRs
are still being made available for free but I'm thankful that they
are.  Many of them are very good, and they offer one of the few ways
of obtaining some insight into what the Bell Labs computer scientists
are up to.

Our local Internet gurus tell me that the spoofing weakness
described in that CSTR is currently harder to exploit, but not
impossible.  Also an Ethernet seems to be rife with possibilities..

If things get bad enough we may have to resort to end-to-end
encryption all the time.  What a drag.