Bugtraq mailing list archives
Re: Network Security and Privacy
From: dynamo () HARVARD NET (dynamo)
Date: Thu, 20 Apr 2000 13:29:14 -0400
To answer some questions I've gotten in the mail publically, Heres some info on our advisory. 1 - The advisory makes it clear we are not talking about a "NEW HOLE" or anything like that. Originally, this paper was submitted as a 'wake up call' for admins who leave this sort of data available. The script was first written as a management tool -- but when it became obvious that you could frequently use it on other people's networks, it transformed into much more. We were shocked to learn that so many nationwide dialup services were affected by this hole. Usually these problems plague smaller isps with less experienced admins. 2 - Emails that say 'snmp public privacy violations are the least of your concerns' are definitely not viewing the problem from the point of view that most dialup customers will come from. To the dialup customer, the idea that someone else can determine how fast the network is, the number of errors in packets and related common snmp data are irrelevant. The fact that some random guy out there can find out your phone number just by seeing you on irc or looking at the header of an email you sent to them is a LOT more menacing.
Current thread:
- Network Security and Privacy JavaMan (Apr 19)
- Re: Network Security and Privacy B Potter (Apr 19)
- Re: Network Security and Privacy Cold Fire (Apr 20)
- pop3 spoon spoon (Apr 20)
- Re: pop3 Christopher P. Lindsey (Apr 21)
- Re: pop3 Jason Godsey (Apr 22)
- unsafe fgets() in sendmail's mail.local 3APA3A (Apr 24)
- Re: unsafe fgets() in sendmail's mail.local Claus Assmann (Apr 25)
- Re: pop3 Kris Kennaway (Apr 27)
- pop3 spoon spoon (Apr 20)
- Re: Network Security and Privacy dynamo (Apr 20)