At 19:45 1/24/95, Paul Ferguson wrote: >I would very much like to hear opinions on this list, in particular, >on the intrusion detection analysis track with regards to most >recent 'IP Spoofing' and 'Hijacked' tcp connection thread. [...] >I would like to enlist the opinions, tacts and input from the list >members; up until now, this list has been _very_ quiet. I agree..it sure has been quiet out here. More important, and what got my attention was an article in today's (1/24) SF chron which stated: "The most recent breach was detected on Christmas Day when a computer security expert at the San Diego Supercomputer Center was robbed of security software by an unknown individual or group that took over his computer for the day." Of interest also was that the tools were subsequently posted at an .edu site and then taken off the net by their administrators. This incident is just the tip of the iceberg. I'm fear that we all may get spooled off in a router discussion eddy and miss the importance of what the other tools were and what they do. How's that for another catalyst? frank Frank Swift L-321 (Sent from Home) Unclassified Computer Security Coordinator Lawrence Livermore National Laboratory (LLNL) 7000 East Avenue L-321 Livermore CA 94550-9516 Voice: (510) 422-1463 FAX: (510) 423-0913