Mailing Lists: Apple Mailing Lists


Re: xgrid and john the ripper



I don't really mean for this to be a flame, but really guys...

A bunch of users talking up applications, and usability of a
distributed processing system who sit around and debate whether
freakin' mail headers are valid?!!!

And whoever wants to defer to 'someone at the FBI' better borrow some
money and purchase a clue!
Could we please just get back to the subject at hand?! xgrid, its
applications and usability.
Can you guys get over the fact that a bunch of lusers think that it is
cool that some idiot forged an FBI address? There's more important
stuff to talk about. Plus it's obvious that either the address is
forged, or not. If it's not forged, the FBI doesn't want you to know.
If it is, then it is...

Personally, his was a good question. And janos had the best answer. I
bet that there are other password crackers that are pointed at
distributed solutions though.

While I'm here, I should ask what's the difference between an xgrid
cluster, and a beowulf? I'm thinking about running the agents on my
linux beowulf in the basement, it seems like it would be easy enough.
But I'm not sure whether things like MM5 would still run or not. Is
there MPI for xgrid?

Sorry if I bent any feathers, but I just think we need to answer
questions, and not get caught up in who or what for...

Thanks

David

On Jul 27, 2004, at 7:52 PM, james woodyatt wrote:

> On 27 Jul 2004, at 4:39 PM, Don Thompson wrote:
>>
>> The address looks good. What more would you suggest checking? The
>> headers on the message will indicate that it came through the xgrid
>> users list.
>
> The address is easily forged.  The "Received" headers are *much*
> harder to tickle.  This is kinda off-topic, but I think I can finish
> it up with some Xgrid-related content.  Scroll down if you want.
>
> So here's something useful to know about the FBI that I just
> discovered looking into this.  It turns out they *DON'T* have their
> own mail servers (or even DNS servers) for the fbi.gov domain.  They
> rent access to the mail servers of AT&T Global Network Services.  You
> can find them in the DNS the same way your mail server finds them: by
> querying for the MX records.
>
> I'm not sure that makes me feel warm and fuzzy about the security of
> the FBI's mail transfer systems.  Is this new?  I don't remember this
> being the case the last time I had reason to correspond with an FBI
> agent.
>
>> Last login: Tue Jul 27 16:33:34 on console
>> Welcome to Darwin!
>> woodjam:~ jhw$ dig mx fbi.gov
>>
>> ; <<>> DiG 9.2.2 <<>> mx fbi.gov
>> ;; global options:  printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26709
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;fbi.gov.                       IN      MX
>>
>> ;; ANSWER SECTION:
>> fbi.gov.                300     IN      MX      0 mx2.prserv.net.
>> fbi.gov.                300     IN      MX      0 mx1.prserv.net.
>>
>> ;; AUTHORITY SECTION:
>> fbi.gov.                300     IN      NS      dns.sprintip.com.
>> fbi.gov.                300     IN      NS      dns2.sprintip.com.
>>
>> ;; Query time: 103 msec
>> ;; SERVER: 17.206.12.12#53(17.206.12.12)
>> ;; WHEN: Tue Jul 27 16:40:29 2004
>> ;; MSG SIZE  rcvd: 131
>
> The prserv.net domain is registered to AT&T Global Network Services.
>
> Now, have a look at the raw source of the message from Eric Chapman,
> claiming to originate at the FBI.  Specifically, check the "Received:"
> header fields which show a hop-by-hop record of the mail servers the
> message passes through...
>
>> [...]
>> Received: from lists.apple.com (lists.apple.com [17.254.0.151])
>> 	by mail-in5.apple.com (8.12.11/8.12.11) with ESMTP id
>> i6RKgDYW023979	for
>>  <email@hidden>; Tue, 27 Jul 2004 13:42:14 -0700 (PDT)
>> Received: from lists.apple.com (localhost [127.0.0.1])
>> 	by lists.apple.com (8.12.9/8.12.9) with ESMTP id i6RKbMWJ019859; Tue,
>>  27 Jul 2004 13:37:22 -0700 (PDT)
>> Received: from prserv.net (asmtp1.prserv.net [32.97.166.51])
>>  by lists.apple.com (8.12.9/8.12.9) with ESMTP id i6RKZc1D019800 for
>>  <email@hidden>; Tue, 27 Jul 2004 13:35:39 -0700 (PDT)
>> Received: from [10.248.52.9] (<unknown.domain>[63.167.71.254])
>>  by prserv.net (asmtp1) with SMTP id <2004072720355625100h8273e>
>>  (Authid: wbt3p3t); Tue, 27 Jul 2004 20:35:57 +0000
>> [...]
>
> The fields are prepended at each transfer agent, so the last one in
> the list is where the SMTP agent used by "Eric Chapman" announced that
> it was forwarding the message.  It says that it was received from some
> user agent named (with a domain literal) [10.248.52.9] which connected
> from an address without any reverse DNS records, which probably
> corresponds to a NAT device with the address 63.167.71.254.  This is
> an address currently allocated to Sprintlink (Sprint) according to the
> ARIN WHOIS database.  The mail server is operated by AT&T Global
> Network Services, and the authoritative name server is a SprintLink
> server.  I think AT&T may have purchased SprintLink assets and they
> haven't renamed.  Furthermore, the address appears to be allocated to
> the block of SprintLink addresses used in Reston, VA so this message
> actually may have originated at the FBI.
>
> It's annoying that the FBI is outsourcing its IT services like this,
> because it makes it harder to build confidence in the authenticity of
> their messages (among other good reasons to be annoyed).  I think if
> the FBI has an ongoing investigation and would like to consult with
> Apple technical staff about potentially criminal applications for
> Xgrid, then a teleconference would be the appropriate thing to
> arrange.
>
> -----
>
> ObXGrid: issues related to message header forgery, user authentication
> and application-layer security on the global Internet are difficult to
> work.  Xgrid isn't currently suitable for use on public networks for
> these reasons, but the good news is that its foundation in the BEEP
> protocol means that extending the application protocol so that it can
> be safely and securely used on the public Internet should be
> *possible* in the long term without having to make revolutionary
> changes to the session-layer protocol.  BEEP was designed to be
> suitable for use on public networks with untrusted links and nodes.
> I'm not on the Xgrid team, though and I have no idea what their plans
> might be in this direction.
>
> (Okay, I may be reaching to stay on topic, but don't say I didn't try.)
>
>
> --
> james woodyatt <email@hidden>
> _______________________________________________
> xgrid-users mailing list | email@hidden
> Help/Unsubscribe/Archives:
> http://www.lists.apple.com/mailman/listinfo/xgrid-users
> Do not post admin requests to the list. They will be ignored.

[demime 0.98b removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
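
The hop-by-hop reading of the "Received:" fields described in the quoted message above, as an added example that is not part of the original thread. The sample message is constructed (documentation hosts and addresses), and `trace_hops` and `origin_summary` are hypothetical helper names.

```python
import email
import ipaddress
import re

# Constructed sample shaped like the headers quoted above; hosts and addresses
# are documentation/reserved values, not taken from a real message.
RAW = (
    "Received: from lists.example.org (lists.example.org [192.0.2.10])\n"
    "\tby mail-in.example.org with ESMTP id AAA111; Tue, 27 Jul 2004 13:42:14 -0700\n"
    "Received: from relay.example.net (asmtp1.example.net [198.51.100.51])\n"
    "\tby lists.example.org with ESMTP id BBB222; Tue, 27 Jul 2004 13:35:39 -0700\n"
    "Received: from [10.0.0.9] (<unknown.domain>[203.0.113.254])\n"
    "\tby relay.example.net (asmtp1) with SMTP id CCC333; Tue, 27 Jul 2004 20:35:57 +0000\n"
    "From: Some Agent <agent@agency.example>\n"
    "Subject: constructed sample\n\nbody\n"
)

HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\[]*)\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
                 r"\s+by\s+(?P<by>\S+)")

def trace_hops(raw):
    """Return Received hops oldest-first; each relay prepends, so reverse them."""
    msg = email.message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if not m:
            continue  # unparsable hop: skip rather than guess
        rdns = m["rdns"].strip()
        hops.append({"helo": m["helo"], "ip": ipaddress.ip_address(m["ip"]), "by": m["by"],
                     "rdns": None if rdns in ("", "<unknown.domain>") else rdns})
    return hops

def origin_summary(raw):
    """Summarise the first hop and check each 'by' host reappears as the next 'from'."""
    hops = trace_hops(raw)
    first = hops[0]
    breaks = [i for i in range(len(hops) - 1)
              if hops[i]["by"] not in (hops[i + 1]["helo"], hops[i + 1]["rdns"])]
    return {
        "from_header": email.message_from_string(raw)["From"],  # sender-controlled
        "submitted_from": str(first["ip"]),   # address the first relay actually saw
        "has_reverse_dns": first["rdns"] is not None,
        "helo_is_private_literal": first["helo"].startswith("[")
            and ipaddress.ip_address(first["helo"].strip("[]")).is_private,
        "first_relay": first["by"],
        "chain_breaks": breaks,  # indexes where the relay chain does not line up
    }
```

Only hops recorded by relays you trust are evidence; the connecting address in the oldest trusted hop is what to look up in WHOIS, while the `From:` value and the HELO name are whatever the sender chose to announce.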