North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: FBI / NIPC released a DDoSD detection tool?

  • From: Pat Myrto
  • Date: Thu Feb 10 13:52:40 2000

Roeland M.J. Meyer has declared that:
> I don't care where it purports to be from, for this kind of code, I will not
> trust something [to not be a trojan] that I can not compile myself. This
> policy applies to SSH, SSL, and other security related code. I am sure that
> I am not the only one with this policy.

The NIPC admitted that to me.  You are not the only one by a long shot.

I contacted the NIPC site, and sent email to the nicpc contact asking
about source, explaining the above concerns to them.  Their response
was they were valid concerns, but they basically didnt care.  NO
SOURCE.  "Trust us".

Hard to do knowing they are pushing for the legal right to install trojans
or backdoors on peoples computers w/o warrant or the persons knowlege or
permission - no way I would put anything on running as root on any system
I control.

Sad state of affairs, but I feel a prudent approach, given the attitude
of some agencies these days.

So, I responded that when they changed their policy and started regarding
the admins expected to rely on this as an ally in the effort to solve
these abuse problems, please let me know, we (where I work) would be glad
to participate.

Until then, however, thanks but no thanks.   I will muddle along using
other methods.

As such I am looking for open-src tools for finding and smoking out
these rogue daemons from other sources.

Pat M/HW

#include <std.disclaimer.h>    Pat Myrto (pat at rwing dot ORG)     Seattle WA
"On a more encouraging note, I have yet to see anything suggesting the Internet
is a threat to the mining industry. Our key assets are ore bodies and its hard
to see virtual ore bodies taking over."
     -- Market analist Jack Jones