ch08.htm

Maximum Security (First Edition) 网络安全 英文版

session reviewing posted messages (or <I>articles</I>) to the Usenet group.</P>
<P><A NAME="05"></A><A HREF="05.htm"><B>Figure 8.5.</B></A><B><BR>
</B><I>A typical Usenet session using Free Agent by Forte.</I></P>
<P>Usenet news is basically a massive, public bulletin board system. On it, users
discuss various topics of interest. They do this by <I>posting</I> messages to the
system. These messages are saved and indexed with all messages on that topic. The
totality of messages posted on a particular topic form a discussion <I>thread</I>.
This thread is generally arranged chronologically. The typical progression is this:

<DL>
	<DD><B>1. </B>One user starts a thread by posting a message.<BR>
	<BR>
	<B>2. </B>Another user sees this message, disagrees with the original poster, and
	posts a rebuttal.<BR>
	<BR>
	<B>3. </B>More users see this exchange and jump in on the action, either supporting
	or rebutting the original posts (and all subsequent ones.)
</DL>

<P>If this sounds adversarial, it's because it is. Although peaceful Usenet discussions
are common, it is more common to see arguments in progress.</P>
<P>In any event, Usenet messages are probably the most graphic example of free speech
in America. One can openly express opinions on any subject. It is a right of all
Internet users. Sometimes, however, others directly interfere with that right. For
example, in September, 1996, someone erased approximately 27,000 messages posted
by various ethnic groups and other interested parties. As Rory J. O'Connor of the
Mercury News reported:

<DL>
	<DD>One of the more popular mass communication forms on the Internet was sabotaged
	last weekend, wiping clean dozens of public bulletin boards with tens of thousands
	of messages frequented by Jews, Muslims, feminists, and gays, among others.
</DL>

<P>This type of activity, called <I>canceling</I>, is common and, to date, there
is no clear application of U.S. law to deal with it. For example, some legal experts
are still debating whether this constitutes an offense as defined under current law.
Offense under criminal law or not, it would appear that such activity could constitute
a tort or civil wrong of some classification. For example, the Internet has not yet
been the target of any lawsuit based on antitrust law. However, it would seem reasonable
that antitrust claims (those alleging attempted restraint of interstate commerce)
could apply. This is a question that will undoubtedly take a decade to sort out.
For although the technology of the Internet moves quickly indeed, the legal system
grinds ahead at a slow pace.</P>
<P><I>Canceling</I> refers to that activity where a user generates a <TT>cancel</TT>
command for a given Usenet message. By sending this <TT>cancel</TT> command, the
user erases the Usenet message from the Internet. This feature was added to the Usenet
system so that a user could cancel a message if he or she suddenly decided it wasn't
appropriate or had lost its value. This is discussed more in Chapter 13, &quot;Techniques
to Hide One's Identity.&quot;


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>If you are interested
	in cancel techniques and want to know more, there are several resources. First, the
	definitive document on what types of cancels are permitted is at <A HREF="http://www.math.uiuc.edu/~tskirvin/home/rfc1036b"><B>http://www.math.uiuc.edu/~tskirvin/home/rfc1036b</B></A>.</P>
	<P>The FAQ about cancel messages is at <A HREF="http://www.lib.ox.ac.uk/internet/news/faq/archive/usenet.cancel-faq.part1.html"><B>http://www.lib.ox.ac.uk/internet/news/faq/archive/usenet.cancel-faq.part1.html</B></A><B>.</B>
	
<HR>


</BLOCKQUOTE>

<P>Cancel techniques are often used against advertisers who attempt to flood the
Usenet network with commercial offerings (this activity is referred to as <I>spamming</I>).
Such advertisers typically use commercial software designed to make Usenet postings
en masse. This is required for the task, as there are over 20,000 Usenet groups to
date. To target each one would be no less laborious than mailing 20,000 e-mail messages.
Thus, mass-posting utilities are becoming the latest hot item for commercial advertisers.
Alas, they may be wasting their money.</P>
<P>Several individuals skilled in Internet programming have created <I>cancelbots</I>.
These are programs that go onto the Usenet network and search for messages that fit
programmer-defined criteria. When these messages are identified, they are canceled.
This can be done by anyone on a small scale. However, this technique is impractical
to generate cancels en masse. For this, you use a cancelbot. Cancelbots are <I>robots</I>,
or automated programs that can automatically cancel thousands of messages.</P>
<P>In the past, these utilities have been used primarily by purists who disapprove
of commercialization of the Net. They chiefly target advertisers who fail to observe
good Netiquette. The Usenet community has traditionally supported such efforts. However,
a new breed of canceler is out there: This breed cancels out of hatred or intolerance,
and the phenomenon is becoming more prevalent. In fact, cancelbots are just the tip
of the iceberg.</P>
<P>Many special-interest groups take their battles to the Net, and cancel messaging
is one weapon the often use. For example, consider the debate over Scientology. The
Church of Scientology is a large and influential organization. Many people question
the validity of the Scientologist creed and belief. In the past few years, several
open wars have erupted on the Usenet network between Scientologists and their critics.
(The Usenet group in question here is <A HREF="news:alt.religion.scientology"><B>alt.religion.scientology</B></A>.)
These wars were attended by some fairly mysterious happenings. At one stage of a
particularly ugly struggle, when the Scientologists seemed overwhelmed by their sparring
partners, a curious thing happened:

<DL>
	<DD>And thus it was that in late 1994, postings began to vanish from <A HREF="news:alt.religion.scientology">alt.religion.scientology</A>,
	occasionally with an explanation that the postings had been &quot;canceled because
	of copyright infringement.&quot; To this day, it is not known who was behind the
	deployment of these &quot;cancelbots,&quot; as they are known. Again, the CoS disclaimed
	responsibility, and the anti-Scientology crowd began to refer to this anonymous participant
	simply as the &quot;Cancel-bunny,&quot; a tongue-in-cheek reference to both the Energizer
	bunny and to a well-known Net inhabitant, the Cancelmoose, who has taken it upon
	himself (itself?, themselves?) to set up a cancelbot-issuing process to deal with
	other kinds of spamming incidents. But whoever or whatever the Cancelbunny may be,
	its efforts were quickly met by the development of yet another software weapon, appropriately
	dubbed &quot;Lazarus,&quot; that resurrects canceled messages (or, more accurately,
	simply alerts the original poster, and all other participants in the newsgroup, that
	a specific message has been canceled, leaving it up to the original poster to reinstate
	the message if he or she were not the party that issued the cancel command).<FONT
	SIZE="1"><SUP>1</SUP></FONT>
</DL>



<BLOCKQUOTE>
	<P>
<HR>
<FONT SIZE="2"><SUP>1</SUP></FONT>&quot;The First Internet War; The State of Nature
	and the First Internet War: Scientology, its Critics, Anarchy, and Law in Cyberspace.&quot;
	David G. Post, <I>Reason</I> magazine. April, 1996. (Copyright trailer follows: (c)
	1996 David G. Post. Permission granted to redistribute freely, in whole or in part,
	with this notice attached.) 
<HR>
</P>

</BLOCKQUOTE>

<P>The controversy between the Scientologists and their critics was indeed the first
war on the Internet. That war isn't over yet, either. Unfortunately for all parties
concerned, the war wafted out of cyberspace and into courts in various parts of the
world. In short, warring in cyberspace simply wasn't satisfying enough. The combatants
have therefore taken to combat in the real world.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>If you are genuinely
	interested in this war, which is truly brutal, visit <A HREF="http://www.cybercom.net/~rnewman/scientology/home.html"><B>http://www.cybercom.net/~rnewman/scientology/home.html</B></A>.
	
<HR>


</BLOCKQUOTE>

<P>The Internet is an odd place, and there are many people there who want to harm
each other. In this respect, the Internet is not radically different from reality.
The problem is that on the Internet, these people can find each other without much
effort. Furthermore, violent exchanges are almost always a public spectacle, and
the Internet has no riot police. You have choices, and here they are:

<UL>
	<LI>Don't get involved
	<LI>Speak softly and carry a big stick
	<LI>Get a UNIX box and some serious hacking experience
</UL>

<P>I recommend a combination of the first and last options. That way, you are out
of the line of fire. And if, for some inexplicable reason, someone pulls you into
the line of fire, you can blow them right out of cyberspace.
<H3><FONT COLOR="#000077"><B>Internet Service Providers</B></FONT></H3>
<P>Internet service providers (ISPs) are the most likely to engage in warfare, immediately
followed by universities. I want to address ISPs first. For our purposes, an ISP
is any organization that provides Internet access service to the public or even to
a limited class of users. This definition includes freenets, companies that provide
access to their employees, and standard ISPs that provide such services for profit.
<I>Internet access service</I> means any service that allows the recipient of such
service to access any portion of the Internet, including but not limited to mail,
Gopher, HTTP, Telnet, FTP, or other access by which the recipient of such services
may traffic data of any kind to or from the Internet.</P>
<P>ISPs are in a unique position legally, commercially, and morally. They provide
service and some measure of confidentiality to their users. In that process, they
undertake a certain amount of liability. Unfortunately, the parameters of that liability
have not yet been adequately defined in law. Is an ISP responsible for the content
of its users' messages?</P>
<P>Suppose users are utilizing the ISP's drives to house a pirated software site.
Is the ISP liable for helping facilitate criminal activity by failing to implement
action against pirates?</P>
<P>If a cracker takes control of an ISP and uses it to attack another, is the first
ISP liable? (Did it know or should it have known its security was lax and thus the
damages of the victim were foreseeable?)</P>
<P>If a user retouches trademarked, copyrighted cartoon characters into pornographic
representations and posts them on a Web page, is the ISP at fault?</P>
<P>These are questions that have yet to be answered. And from the first case where
a plaintiff's attorneys manage to hoist that liability onto ISPs, the freedom of
the Internet will begin to wither and die. These are not the only problems facing
ISPs.</P>
<P>Because they provide Internet access services, they have one or more (usually
thousands of) individuals logged into their home network. This presents a terrific
problem: No matter how restrictive the policies of an ISP might be, its users will
always have some level of privilege on the network. That is, its users must, at a
minimum, have access to log in. Frequently, they have more.</P>
<P>Granted, with the advent of HTML browsers, the level of access of most users is
now lower than in the past. In earlier years, users of an ISP's services would log
in via Telnet. Thus, users were logged directly to the server and received shell
access. From this point, such users were capable of viewing many different files
and executing a variety of programs. Thus, for ISPs of the old days, internal threats
were substantial. In contrast, most users access today using some dial-up program
that provides a PPP link between them and the ISP. The remaining navigation of the
Internet is done through a browser, which often obviates the need for the user to
use Telnet. Nevertheless, internal threats remain more common than any other type.</P>
<P>The majority of these threats are from small-time crackers looking to steal the
local password files and gain some leverage on the system. However, there exists
a real risk of attacks from the outside. Sometimes, for no particular reason, crackers
may suddenly attack an ISP. Here are some recent examples:</P>

<UL>
	<LI>A cracker repeatedly attacked an ISP in Little Rock, Arkansas, at one point taking
	down its servers for a period of more than four hours. The FBI picked up that case
	in a heartbeat.<BR>
	<BR>
	
	<LI>Panix.com was subjected to an onslaught of denial-of-service attacks that lasted
	for more than a week.
</UL>

<P>Cybertown, a popular spot for Net surfers, was cracked. Crackers apparently seized
control and replaced the attractive, friendly Web pages with their own. This same
group of crackers reportedly later seized control of Rodney Dangerfield's site. Mr.
Dangerfield, it seems, cannot get any respect, even on the Internet.</P>
<P>Universities are in exactly the same position. The only major difference is that
universities have some extremely talented security enthusiasts working in their computer
science labs. (Some of the higher-quality papers about security posted to the Internet
have come from such students.)</P>
<P>These entities are constantly under attack and in a state of war. So what types
of tools are they using to protect themselves? Not surprisingly, most of these tools
are defensive in character. The majority, in fact, may do less to protect than to
gather evidence. In other words, Big Brother is watching because crackers have forced
him to do so.</P>