Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!purdue!bu-cs!bloom-beacon!athena.mit.edu!boomer From: boomer@athena.mit.edu (Don Alvarez) Newsgroups: comp.protocols.tcp-ip Subject: Re: tcp/ip attacks Summary: history is what you were yesterday Message-ID: <11134@bloom-beacon.MIT.EDU> Date: 4 May 89 21:55:41 GMT References: Sender: daemon@bloom-beacon.MIT.EDU Reply-To: boomer@space.mit.edu (Don Alvarez) Distribution: comp Organization: MIT Center for Space Research Lines: 29 In article , pearce@tycho.yerkes.uchicago.edu (Eric C. Pearce) writes: >We are trying to assess the risks of certain types of network attacks >for our local network. [cite's Bellovin article] My question is: does >anyone know of any successful or attempted attacks on an internet >host based on generic problems with the tcp/ip protocol suite >itself, such as those described by Bellovin? Whether anyone *has* employed a given attack method is of principle interest to historians. It sounds to me like you are trying to design a network for the future, not than discuss the one of the past. If you want a vote on whether people agree that the vulnerabilities he describes are real, then you have at least one "yes" ballot. (imagine trying to explain to your employer/users that you decided to ignore a known weakness simply because you had never heard of anyone exploiting it...) ps. For the rest of the tcp-ip community... it's an excellent paper, and it isn't very long. As the add says, "if you only read one paper this year, make it _Security_Problems_in_the_TCP/IP_Protocol_Suite_, by S.M. Bellovin in the ACM Computer Communication Review, Vol. 19, No. 2, pp. 32-48, April 1989." -- + ----------------------------------------------------------- + | Don Alvarez MIT Center For Space Research | | boomer@SPACE.MIT.EDU 77 Massachusetts Ave 37-618 | | (617) 253-7457 Cambridge, MA 02139 |