[1370] in bugtraq
Re: Network Monitoring and Control (announcement)
daemon@ATHENA.MIT.EDU (Andrew V. Kovalev)
Sat Apr 1 08:44:49 1995
To: root@madhouse.com (root)
Date: Sat, 1 Apr 1995 15:09:49 +0400 (GMT+4:00)
Cc: mcn@EnGarde.com, bugtraq@fc.net
In-Reply-To: <Pine.3.89.9503310518.C96-0100000@madhouse.com> from "root" at Mar 31, 95 05:46:28 am
From: "Andrew V. Kovalev" <Andrew.V.Kovalev@jet.msk.su>
> > any connection, setting up makeshift firewalls, or even TAKING OVER
> > (hijacking) any connection.
> >
>
> Sounds ok if your charged with providing security for a corporate,
> government or military site, but in the case of pay commercial hosts this
> should be illiegal, if not downright immoral. How much privacy should I
> expect from a provider? I mean I am paying for services, and there was
> some limited agreement to services. I think you better put in a
> statement saying YOUR SESSION WILL BE WATCHED AND IF WE FEEL YOU'RE
> BEING POLITCALLY INCORRECT WE WILL TAKE OVER YOUR SESSION.
>
[....]
>
> Am I the only one who feels this is an invasion of privacy?
>
> Chris
>
I don't think this is worse than a trivial sniffer etc.. And the ability
to hijack a connection is really valuable when you are dealing with some
wannabe cracker... Session monitoring tools are readily available for a
long time. If you really want your TCP session to be safe - use
encryption, it will protect you from watcher as well.
I think Watcher is a valuable tool for those who wants their site to be
secure.
avk
