From: “Jon ‘Iain’ Boone” <boone@psc.edu>
To: cypherpunks@toad.com
Message Hash: b5aa1c6ca8fdbe27a4abfe8925fbe014f2208fc209fd8b0f0af110ef20496791
Message ID: <9402031548.AA23590@igi.psc.edu>
Reply To: <199402030119.RAA17214@mail.netcom.com>
UTC Datetime: 1994-02-03 17:04:43 UTC
Raw Date: Thu, 3 Feb 94 09:04:43 PST
Subject: Re: New remailer up.

qwerty-remailer@netcom.com writes:
>
> Perry wrote,
> "However, make no mistake that Netcom can and will cooperate with the
> police if you use your remailer in a way that the government doesn't
> like, so it seems that the security afforded isn't that good."
>
> So you aren't interested unless you can commit serious felony crimes
> using a given remailer? I would be happy if criminals stayed away from
> my remailer. What do you mean by "security"? And if the police find out
> a personally owned machine was involved, I couldn't imagine them not
> just swooping in at midnight and taking it away at gunpoint. I hope
> those privately owned machines don't have logs ;-). In my mind, the whole
> secret to gaining privacy is not attracting attention in the first place.
> Using a remailer DOES allow a person to communicate anonymously with
> someone else, in two directions. If a party has enough power to tap
> Netcom, then sendmail logs or no sendmail logs, they will find you.

It seems that most (if not all) of netcom's unix machines are SunOS
based. If that is the case, by installing NIT in the kernel, one
would be able to grab all of the packets that flow across that
ethernet (192.100.81). This includes your remailer mail. The "cost"
to set this up would be the risk of being caught and the time and
trouble to come up with root on one of their sun machines. Aside
from the obvious legal risks, there are ethical considerations to
keep in mind. While I personally would not attempt such a thing,
there are many out there who feel otherwise.

I won't hack into mail.netcom.com to demonstrate that it is possible
to figure out who used your remailer. But, if one of the admins from
netcom wants to send me their syslogs, I'll do my best to put together
a correlation.

> and,
> "Besides, $20 is a paltry sum for the amount of work involved."
>
> Think of it as a trophy, which I'm sure most understood. I'm not offering
> you a job.

Yes, but the trophy is hardly worth the effort. Even though it wouldn't
cost $50,000 in terms of actual equipment or time, it might well take
such a sum to cause Perry to take the risk of being caught. Unless the
netcom folks are real slouches, I would think that they would notice
that their kernel had been re-compiled and the machine rebooted. Good
luck not being detected... Of course, there is always the off chance
that they already have NIT compiled into the kernel...

Jon Boone | PSC Networking | boone@psc.edu | (412) 268-6959
PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C
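
The syslog correlation mentioned in the message above can be framed as a self-audit a remailer operator runs on their own mail host: for each message the remailer sends, how many inbound senders are plausible sources? This is an added example, not part of the original message or anyone's actual tooling; the remailer address, the log lines (constructed, simplified sendmail-style) and the 30-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

REMAILER = "remailer@example.net"  # placeholder address (assumption)

# Constructed, simplified sendmail-style syslog lines; not real data.
SAMPLE_LOG = """\
Feb  3 09:00:02 mail sendmail[101]: AA00101: from=<alice@example.org>, size=1840
Feb  3 09:00:03 mail sendmail[101]: AA00101: to=<remailer@example.net>, stat=Sent
Feb  3 09:00:05 mail sendmail[102]: AA00102: from=<remailer@example.net>, size=1712
Feb  3 09:00:06 mail sendmail[102]: AA00102: to=<bob@example.com>, stat=Sent
Feb  3 09:10:00 mail sendmail[103]: AA00103: from=<carol@example.org>, size=900
Feb  3 09:10:01 mail sendmail[103]: AA00103: to=<remailer@example.net>, stat=Sent
Feb  3 09:10:02 mail sendmail[104]: AA00104: from=<dave@example.org>, size=950
Feb  3 09:10:03 mail sendmail[104]: AA00104: to=<remailer@example.net>, stat=Sent
Feb  3 09:10:08 mail sendmail[105]: AA00105: from=<remailer@example.net>, size=800
Feb  3 09:10:09 mail sendmail[105]: AA00105: to=<erin@example.com>, stat=Sent
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sendmail\[\d+\]: (\w+): (from|to)=<([^>]*)>")

def parse(log, year=1994):
    """Group from=/to= lines by queue id; syslog omits the year, so it is assumed."""
    msgs = {}
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, qid, field, addr = m.groups()
        rec = msgs.setdefault(qid, {})
        rec[field] = addr
        rec["time"] = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return msgs

def anonymity_sets(log, window_s=30):
    """For each outbound remailer message, list the senders whose mail reached
    the remailer within window_s seconds before it left (the candidate set)."""
    msgs = [m for m in parse(log).values() if "from" in m and "to" in m]
    inbound = [m for m in msgs if m["to"] == REMAILER]
    result = {}
    for out in (m for m in msgs if m["from"] == REMAILER):
        lo = out["time"] - timedelta(seconds=window_s)
        result[out["to"]] = sorted(
            i["from"] for i in inbound if lo <= i["time"] <= out["time"])
    return result

if __name__ == "__main__":
    for rcpt, senders in anonymity_sets(SAMPLE_LOG).items():
        print(rcpt, len(senders), senders)
```

A candidate set of size one means the log alone links sender to recipient; keeping such logs short-lived, and batching or delaying outbound mail, enlarges the set.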