Opinions on Zero Tolerance -- Rich Graves

This material is Copyright © by Rich Graves <llurch@stanford.edu>.

On Tue, 16 Apr 1996, Keith Dawson wrote:

> If you reply, please include any conditions or stipulations you want honored
> with respect to my making your reply public in a future issue of TBTF and in
> its permanent archive.

Oh, that. Um, everything in *this* reply should be considered public. That
other one, probably not. :-)

> ||| Anatomy of a protracted Net attack |||
> Fred Cohen <fc@all.net> is president of Management Analytics in Hudson,
> Ohio, a consulting firm specializing in Net security. The firm operates
> the Info-Sec Heaven site at <http://all.net/> and publishes a monthly

Fred Cohen, a human being, has an ISDN connection through psi.net. He
sells his dubious services under a number of fictitious business names in a
largely unsuccessful attempt to be taken seriously.

> Apparently some twisted Netizen took this policy as a personal affront on
> his right to telnet wherever he damnwell pleased. Over a period of several
> days, a shadowy band of crackers used a newly discovered vulnerability in
> URLs to enlist innocent collaborators in a denial-of-service attack. (The


It doesn't take a genius.

By the way, the latest version of Netscape has taken a draconian approach
to this problem by breaking connections to unusual ports. Netscape 2.0.1
and later won't let you connect to the telnet port.

> Cohen has posted a detailed and disturbing account [3] of the attack on
> all.net. Read it if you've ever wondered what it's like to be a system
> administrator under siege.
> [1]  <http://all.net/journal/netsec/top.html>
> [2]  <http://all.net/journal/netsec/9603.html>
> [3]  <http://all.net/journal/netsec/9604.html>

For a detailed understanding of a disturbed individual, read the above. A
far more humorous and accurate account of the situation is provided by


[ TBTF for 1996-04-21 ]