Path: utzoo!attcan!uunet!husc6!rutgers!ucsd!ucbvax!pasteur!ucbarpa.Berkeley.EDU!fair
From: fair@ucbarpa.Berkeley.EDU (Erik E. Fair)
Newsgroups: news.admin
Subject: NNTP, Security, and the "webber" sendsys
Message-ID: <4248@pasteur.Berkeley.Edu>
Date: 4 Jul 88 02:52:43 GMT
References: 
Sender: news@pasteur.Berkeley.Edu
Organization: USENET Protocol Police, Western Gateway Division
Lines: 53

In the referenced article, Bob.Webber@aramis.RUTGERS.EDU writes:
	I am told that the messages were actually fed in at the
	rutgers gateway itself via the joys of Eric Fair's nntp.

First, I'd like to take this opportunity to correct Dr. Webber's
spelling. My name is "Erik", not "Eric". Write whatever you want
about me, but spell my name right!

Second, NNTP is by no means mine. Most of the work was done by Phil
Lapsley, who wrote the daemon, and hacked up "rn" to be the first
reader client. Brian Kantor wrote some software in a parallel
effort, and he wrote nearly all of what became RFC977. I wrote the
news transfer client, kibitzed a lot on the spec, and played
"marketeer" for it. Several other people have written reader clients
for operating systems other than UNIX (e.g. TOPS-20, VMS, Symbolics
Lisp Machines, System V, MS/DOS, etc.).

Third, NNTP provides as much security as we thought was reasonably
useful, given that netnews itself has no authentication at all,
and no protection against forgeries. The NNTP daemon can discriminate
between sites, offering four levels of service: none (i.e. connection
refused), transfer (they're allowed to give us articles, and fetch
stuff by message-id), reader (they're allowed to give the group
command, and fetch things by sequence number), and post (they're
allowed to use the post command).

Discrimination can be done on network, sub-network, or per-host
basis, with distribution security (e.g. if you're a company on the
internet with NNTP and internal newsgroups, you can allow transfer,
and still prevent people from outside your network from fetching
articles in your internal newsgroups). The NNTP daemon also logs
stuff out the wazoo (Phil and I believe very strongly in logging;
it allows you to figure out what's going on in lots of situations).

Most Internet sites, at our recommendation, allow anyone to do
transfer so that, among other things, if anyone needs to examine
a particular article at lots of sites, it's easy to do so (I've
done this upon occasion). However, this all gets logged, so the only
way that the perpetrator of the "webber" sendsys can hope to escape
notice is if he is already at one of Rutgers' normal netnews feeds
(assuming s/he dropped it on Rutgers).  At that point, someone will
have to examine the NNTP and news logs of Rutgers very closely, to
try and match the times that the articles got processed by netnews,
along with which remote sites were speaking NNTP to Rutgers at the
time.

If s/he sent the article to some other sites in that Path:, each
of those sites should examine their logs as well.

I want to expose the culprit to public ridicule - it was a rather
stupid and wasteful thing to do. 

	Erik E. Fair	ucbvax!fair	fair@ucbarpa.berkeley.edu
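
The log correlation described above (matching the times articles were processed by netnews against which remote sites were speaking NNTP at the time), as an added example that is not part of the original post or of the NNTP distribution. The log line layouts, host names, message-ids and the `KNOWN_FEEDS` set are constructed for illustration and do not reproduce any real NNTP daemon or netnews log format.

```python
from datetime import datetime, timedelta

# Constructed sample logs. The line layouts are assumptions for this example,
# not the real NNTP daemon or netnews log formats.
NNTP_LOG = """\
1988-07-03 21:10:02 feed-a.example connect
1988-07-03 21:12:15 host-x.example connect
1988-07-03 21:13:05 host-x.example disconnect
1988-07-03 21:14:40 feed-a.example disconnect
1988-07-03 21:30:00 feed-b.example connect
1988-07-03 21:31:30 feed-b.example disconnect
"""
NEWS_LOG = """\
1988-07-03 21:12:48 received <constructed-1@example>
1988-07-03 21:31:00 received <constructed-2@example>
1988-07-03 22:00:00 received <constructed-3@example>
"""
KNOWN_FEEDS = {"feed-a.example", "feed-b.example"}  # hypothetical normal feeds
FMT = "%Y-%m-%d %H:%M:%S"

def parse_sessions(text):
    """Pair connect/disconnect lines per host into (host, start, end) tuples."""
    open_at, sessions = {}, []
    for line in text.splitlines():
        date, clock, host, event = line.split()
        ts = datetime.strptime(f"{date} {clock}", FMT)
        if event == "connect":
            open_at[host] = ts
        elif event == "disconnect" and host in open_at:
            sessions.append((host, open_at.pop(host), ts))
    # A session with no disconnect line is treated as still open (end=None).
    return sessions + [(h, s, None) for h, s in open_at.items()]

def candidates(news_text, sessions, slack=timedelta(seconds=30)):
    """Map each message-id to the hosts speaking NNTP when it was processed.

    Each host is paired with True if it is a known feed, False otherwise.
    """
    result = {}
    for line in news_text.splitlines():
        date, clock, _event, msgid = line.split()
        ts = datetime.strptime(f"{date} {clock}", FMT)
        hosts = sorted({h for h, s, e in sessions
                        if s - slack <= ts and (e is None or ts <= e + slack)})
        result[msgid] = [(h, h in KNOWN_FEEDS) for h in hosts]
    return result

if __name__ == "__main__":
    for msgid, hosts in candidates(NEWS_LOG, parse_sessions(NNTP_LOG)).items():
        print(msgid, hosts or "no overlapping NNTP session")
```

An article whose only overlapping sessions belong to known feeds cannot be narrowed further from these two logs alone, which is the limitation the post points out.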