Re: Router programming,source routes and spoofed ICMP attacks.

[cider () elwha evergreen edu (Cyrus Durgin)]

On Thu, 20 Jun 1996, Alan Brown wrote:

> I have the sourcecode to nuke.c and binaries of wnuke here but I'm not
> particularly happy with the thought of handing them out for obvious
> reasons, though they're probably readily available if one looks in the
> "right" places.
>
> AB

for a list which is well-respected for its reputation as a full-disclosure
list, i'm always disappointed to see posts like this; not only are they
contrary to the concept of a full-disclosure list, but they are also
almost wholly unproductive.  what better way to analyze, study, and
finally develop protection against a security risk than to examine the
source?  by not posting the source, the poster is doing no one a favor,
because, as the quote above suggests, those who will use the code for
illicit purposes will just go out to the "right" places and get it
themselves.  making others aware of a risk is only useful so long as they
are able to defend against it.  if your house is on fire, and i tell you
it's on fire, but not how to extinguish the fire, the knowledge that it is
on fire does not do you very much good.  security through obscurity has
always been a weak tactic, and is frequently more than weak: it is
frequently outright dangerous.


-Cyrus Durgin
cider () elwha evergreen edu

     "If carpenters made buildings the way programmers make programs, the
     first woodpecker to come along would destroy all of civilization."
                                                                   -Anon.
******************************************************************************
     Key fingerprint =  5D A5 52 5C 5E B7 F1 AB  E1 2D 90 BE 19 34 35 54
                             mail for PGP public key
******************************************************************************