LISTSERV - FERRET-SEARCH Archives - LISTSERV.FERRETMAILINGLIST.ORG

FERRET-SEARCH Archives

Searchable FML archives

FERRET-SEARCH@LISTSERV.FERRETMAILINGLIST.ORG

	LISTSERV Archives
	FERRET-SEARCH Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	To catch a forger
From:	"Chris Lewis, FML moderator" <[log in to unmask]>
Reply To:	The Ferret Mailing List (FML)
Date:	Thu, 1 Oct 1992 00:45:31 EDT
Content-Type:	text/plain
Parts/Attachments:	text/plain (106 lines)

I thought I'd let you know how things stand w.r.t. the "Great
Ferret Recipe Forgery".
 
The Received lines indicated that the messages came from, or
were injected at Reed U.  The message that you saw had a Received:
line of:
 
    Received: from 128.252.133.1 by reed.edu (/\==/\ Smail3.1.25.1 #25.21)
        id <[log in to unmask]>; Tue, 22 Sep 92 23:31 PDT
 
Seeing an unadorned IP address here is pretty unusual.  Generally means
that the sending system isn't known to the receiving system.  A pointing
finger.  There were no preceeding Received: lines, and the only
subsequent one was uunet.ca.  Which is *hard* to break into.
 
[The first message didn't have the "from ..." clause.  Reed upgraded
their version of Smail which resulted in more information.]
 
Telnetting to that address gives out the information that the machine
name is "wuecl", and is running SunOS.
 
WHOIS at nic.ddn.mil shows that 128.252 is Washington University in
Missouri, aka "wustl.edu".  The NIC doesn't have this specific IP
address listed as a "known host", just the higher level domain.
 
Telnetting to "wuecl.wustl.edu" succeeds, and is the same machine as
first telnetted to.
 
H'm.  Interesting.  I wonder...
 
Grepping the mailing list addressees, there is no "wuecl".  Too bad.
 
Going by traditional naming conventions, "wuecl" *probably* stands
for "Washington University Engineering Computing Lab".  Which tends
to suggest an open access machine that isn't necessarily "home"
to any users.  So I should look for wustl.edu:
 
Bingo!
 
    [log in to unmask]          (Karl Stiefvater)
 
And, interestingly enough, Karl was a member of the list from just
before the previous "incident" in March 19 (that I caught):
 
|             Issue number: 201
|        Date: Sun Dec 15 09:52:03 EST 1991
|
| ...
| ...
|----------------------------------------
|Date: Sat, 14 Dec 91 23:56 PST
|From: [log in to unmask] (Karl Stiefvater)
|
|Subject: suscribe subscribe
|Please add me to the mailing list.. I love ferrets.
|   Thanks,
 
And Karl hasn't submitted *anything* to the list since then.
 
All circumstantial to be sure - anyone with the slightest talent
would have known how to forge the IP address to protect against
this sort of backtracking.  And fingering the one person at WU
on the list is more than a little tenuous.  It could even be
someone else at WU playing a joke on Karl.
 
It certainly wouldn't stand up in a court of law.  But I'm pretty
satisfied - the evidence fits juvenile harassing behaviour - wanting
to see the ruckus.  What's worse is that the evidence points to our
"friend" being staff or graduate student.  Because normally undergrads
get their accounts purged after each term, but the message was bit-for-bit
identical in March and in September...  At least a talented person could
come up with a different and better one after all that time...
 
This is my position: forgeries, regardless of content, are totally
unacceptable.  You can say anything you want, including trying to
get your jollies from starting a flame war, *provided* that your
real name is there.  Freedom of speech does include jokes in very
poor taste, but it's coupled with the responsibility of being known
for who you really are - except in special circumstances that don't
apply here - certainly not to harassing behaviour.
 
This is not to say that I would have permitted an unforged Ferret
Recipe through the mailing list.  I would still have trashed it.
But I wouldn't have gotten mad.
 
This is what I *could* do: send mail off to the administrator
at Reed and at Washington U including all of the evidence above.
Not because of the content, but because of the forgery, misuse
of resources, and pointing out the security problem at both
Reed and WU.  And I know that many organizations, including
Universities, take a very dim view of such behaviour, regardless
of content.  Up to and including expulsion or firing (eg: sendsys
bombing, email harassment).
 
But I'm not going to do this.  In fact, I'm not even going to
pull Karl's subscription to the FML.  After all, I could be
wrong.  Though, I don't imagine that WU would take any serious
action unless they were able to prove using their own logs that
friend Karl was responsible.  On the other hand, if I'm not,
Karl'll get to see the messages on the FML telling him what an
ass he is.
 
Grow up child.
 
[Posted in FML issue 0322]

ATOM RSS1 RSS2

LISTSERV.FERRETMAILINGLIST.ORG