Bugtraq mailing list archives

Re: Network Monitoring and Control (announcement)

From: cmetz () ministry-of-love inner net (Craig Metz)
Date: Thu, 30 Mar 1995 11:25:13 -0500


In message <Pine.3.89.9503310518.C96-0100000 () madhouse com>, you write:

packet file which can later be replayed through Watcher. Most importantly,
Watcher allows the admin to CONTROL network users by instantly terminating
any connection, setting up makeshift firewalls, or even TAKING OVER 
(hijacking) any connection.

Sounds ok if your charged with providing security for a corporate, 
government or military site, but in the case of pay commercial hosts this 
should be illiegal, if not downright immoral.  How much privacy should I 
expect from a provider?  I mean I am paying for services, and there was 
some limited agreement to services.  I think you better put in a 
statement saying YOUR SESSION WILL BE WATCHED AND IF WE FEEL YOU'RE 
BEING POLITCALLY INCORRECT WE WILL TAKE OVER YOUR SESSION.

Am I the only one who feels this is an invasion of privacy?


        Of course it isn't. You never had any privacy to begin with. If you
aren't doing anything yourself to guarantee your own security and privacy,
you neither have nor deserve any. This hard truth should be known to a few
people on this list who deal with security every day -- you can't just expect
people to hand it to you (well, you can, but there might as well be a bridge
with it).

        While the America Online generation has been whining about Mr. Neuman's
"advertisement" and invading their "privacy", some of us are thankful to have
reviewable code to such a tool. When I talk to people who are responsible for
keeping things secure, theory and papers don't cut it. I need to be able to
whip out a real live program and SHOW them how vulnerable their systems are
before they will even acknowledge the existence of a problem. You can whine
about it all you want, but the crackers have had such tools for a good little
while. It's about time some good come out of it -- enough people see that it's
a problem to merit it getting solved (hint from previous discussion: this one
ain't gonna be easy, folks).

                                                                        -Craig

Current thread:

Network Monitoring and Control (announcement), (continued)
- - Network Monitoring and Control (announcement) Mike Neuman (Mar 29)
    - Re: Network Monitoring and Control (announcement) root (Mar 30)
    - Re: Network Monitoring and Control (announcement) Christopher Samuel (Mar 31)
    - Watcher page moved (and ObBug) Mike Neuman (Mar 31)
    - Re: Watcher page moved (and ObBug) Tom Fitzgerald (Mar 31)
    - SATAN Download Location Bill Bradley (Mar 30)
    - Re: SATAN Download Location Robert A. Pickering Jr. (Mar 31)
    - TCP Sequence Number Prediction (here it is!!) Mike Neuman (Mar 30)
    - Re: Network Monitoring and Control (announcement) Eric (Mar 30)
    - Re: Network Monitoring and Control (announcement) root (Mar 31)
    - Re: Network Monitoring and Control (announcement) Craig Metz (Mar 30)
    - Re: Watcher is invasion of privacy [was: Network Monitoring and Control (announcement)] Kayvan Sylvan (Mar 31)
    - Re: Network Monitoring and Control (announcement) Marc Tamsky (Mar 31)
  - Network Monitoring and Control (announcement) Mike Neuman (Mar 29)
  - Mailer Looping Mike Neuman (Mar 30)
  - Mailer Looping Iban_Ricondo (Mar 30)