From mboxrd@z Thu Jan 1 00:00:00 1970 From: don@DonHopkins.com (Don Hopkins) Date: Sat, 30 Sep 2017 00:21:10 +0200 Subject: [TUHS] RFS was: Re: UNIX of choice these days? In-Reply-To: <5E9B3A54-78FC-4A2E-82FB-36A3633BF57C@gmail.com> References: <201709291522.v8TFM4nq012088@farg.inf.ed.ac.uk> <6491AD5C-D08E-4374-9BDD-2BA97E630BE2@gmail.com> <5E9B3A54-78FC-4A2E-82FB-36A3633BF57C@gmail.com> Message-ID: <6B7D7B9B-D1BD-4268-BD10-BFAEEA7745D6@gmail.com> There were some interesting followup from Milo Medin, Jordan Hubbard and from Dennis Perry on the h_g/tcp-ip mailing lists: From: Milo S. Medin Actually, Dennis Perry is the head of DARPA/IPTO, not a pencil pusher in the IG's office. IPTO is the part of DARPA that deals with all CS issues (including funding for ARPANET, BSD, MACH, SDINET, etc...). Calling him part of the IG's office on the TCP/IP list probably didn't win you any favors. Coincidentally I was at a meeting at the Pentagon last Thursday that Dennis was at, along with Mike Corrigan (the man at DoD/OSD responsible for all of DDN), and a couple other such types discussing Internet management issues, when your little incident came up. Dennis was absolutely livid, and I recall him saying something about shutting off UCB's PSN ports if this happened again. There were also reports about the DCA management types really putting on the heat about turning on Mailbridge filtering now and not after the buttergates are deployed. I don't know if Mike St. Johns and company can hold them off much longer. Sigh... Mike Corrigan mentioned that this was the sort of thing that gets networks shut off. You really pissed off the wrong people with this move! Dennis also called up some VP at SUN and demanded this hole be patched in the next release. People generally pay attention to such people. From: Jordan K. Hubbard Well, I hope Sun patches the holes, Milo. I'm sorry that certain people chose to react as strongly as they did in our esteemed government offices, but I am glad that it raised enough fuss to possibly get the problem fixed. No data was destroyed, lost, or infiltrated, but some people got a whack on the side of the head for leaving the back door open. I'm not sure I can say that I'm all that sorry that this happened. rwall is certainly going to change on my machines, I can only hope that people concerned about being rwall'd over the net will tighten up their RPC. Those that don't care, should at least be aware of it. From: Dennis G. Perry Jordan, you are right in your assumptions that people will get annoyed that what happened was allowed to happen. By the way, I am the program manager of the Arpanet in the Information Science and Technology Office of DARPA, located in Roslin (Arlington), not the Pentagon. I would like suggestions as to what you, or anyone else, think should be done to prevent such occurances in the furture. There are many drastic choices one could make. Is there a reasonable one? Perhaps some one from Sun could volunteer what there action will be in light of this revelation. I certainly hope that the community can come up with a good solution, because I know that when the problem gets solved from the top the solutions will reflect their concerns. Think about this situation and I think you will all agree that this is a serious problem that could cripple the Arpanet and anyother net that lets things like this happen without control. dennis ——— From: Jordan K. Hubbard Dennis, Sorry about the mixup on your location and position within DARPA. I got the news of your call to Richard Olson second hand, and I guess details got muddled along the way. I think the best solution to this problem (and other problems of this nature) is to tighten up the receiving ends. Assuming that the network is basically hostile seems safer than assuming that it's benign when deciding which services to offer. I don't know what Sun has in mind for Secure RPC, or whether they will move the release date for 4.0 (which presumably incorporates these features) closer, but I will be changing rwalld here at Berkeley to use a new YP database containing a list of "trusted" hosts. If it's possible to change RPC itself, without massive performance degradation, I may do that as well. My primary concern is that people understand where and why unix/network security holes exist. I've gotten a few messages from people saying that they would consider it a bug if rwall *didn't* perform in this manner, and that hampering their ability to communicate with the rest of the network would be against the spirit of all it stands for. There is, of course, the opposite camp which feels that IMP's should only forward packets from hosts registered with the NIC. I think that either point of view has its pros and cons, but that it should be up to the users to make a choice. If they wish to expose themselves to potential annoyance in exchange for being able to, uh, communicate more freely, then so be it. If the opposite is true, then they can take appropriate action. At least an informed choice will have been made. Yours for a secure, but usable, network. From: Dennis G. Perry Jordan, thanks for the note. I agree that we should discover and FIX holes found in the system. But at the same time, we don't want to have to shut the thing down until such a fix can be made. Misuse of the system get us all in a lot of trouble. The Arpanet has succeeded because of the self policing community. If this type of potential for disruption gets used by very many people, I guarentee that we all will not like the solution or fix proposed. dennis ———