Wide Release (Re: PGPfone (BETA TEST) is released)
ftp host: net-dist.mit.edu, AKA bitsy.mit.edu 220 bitsy FTP server (Version wu-2.4(1) Thu Apr 14 20:21:35 EDT 1994) ready. USER ftp 331 Guest login ok, send your complete e-mail address as password. PASS ***** 230-Welcome, archive user! This is an experimental FTP server. If have any 230-unusual problems, please report them via e-mail to ftp-bugs@bitsy 230-If you do have problems, please try using a dash (-) as the first character 230-of your password -- this will turn off the continuation messages that may 230-be confusing your ftp client. 230- 230-Please read the file README 230- it was last modified on Sat May 28 19:19:36 1988 - 2643 days ago 230 Guest login ok, access restrictions apply. PWD 257 "/" is current directory. MACB E 500 'MACB E': command not understood. TYPE A 200 Type set to A. CWD /pub/PGPfone 250-Please read the file README 250- it was last modified on Fri Aug 25 15:52:05 1995 - 0 days ago 250 CWD command successful. PORT 199,117,100,36,7,146 200 PORT command successful. LIST 150 Opening ASCII mode data connection for /bin/ls. total 29 -r--r--r-- 1 0 1001 4287 Aug 25 15:52 README drwxr-x--- 4 1 27 512 Aug 25 17:00 dist -r--r--r-- 1 0 1001 2172 Aug 24 22:02 mitlicen.txt -r--r--r-- 1 0 1001 19546 Aug 24 23:43 rsalicen.txt 226 Transfer complete. CWD /pub/PGPfone/dist 250 CWD command successful. PORT 199,117,100,36,4,177 200 PORT command successful. LIST 150 Opening ASCII mode data connection for /bin/ls. total 2 drwxr-xr-x 2 435 27 512 Aug 25 15:24 U.S.-only-XXXX drwxrwxr-x 2 0 27 512 Aug 25 15:13 secret99 226 Transfer complete. CWD /pub/PGPfone/dist/secret99 250 CWD command successful. PORT 199,117,100,36,7,178 200 PORT command successful. LIST 150 Opening ASCII mode data connection for /bin/ls. total 2271 -r--r--r-- 1 0 27 764444 Aug 25 15:12 PGPfone10.sea.Hqx -r--r--r-- 1 0 27 751220 Aug 25 12:50 PGPfone10.sea.Hqx.OLD -r--r--r-- 1 0 27 750964 Aug 24 23:30 PGPfone10.sea.Hqx.OLDER -r--r--r-- 1 0 27 2172 Aug 24 22:02 mitlicen.txt -r--r--r-- 1 0 27 19546 Aug 24 23:43 rsalicen.txt 226 Transfer complete. CWD /pub/PGPfone/dist/U.S.-only-XXXX 250 CWD command successful. PORT 199,117,100,36,6,161 200 PORT command successful. LIST 150 Opening ASCII mode data connection for /bin/ls. total 760 -r--r--r-- 1 0 27 764444 Aug 25 15:12 PGPfone10.sea.Hqx 226 Transfer complete.
ftp host: net-dist.mit.edu, AKA bitsy.mit.edu
220 bitsy FTP server (Version wu-2.4(1) Thu Apr 14 20:21:35 EDT 1994) ready. USER ftp 331 Guest login ok, send your complete e-mail address as password. PASS *****
The fact that it uses exactly 5 *'s, and the MACB E command below indicate this was probably an Anarchie transcript, a ftp/archie client for the Mac.
PWD 257 "/" is current directory. MACB E 500 'MACB E': command not understood. TYPE A 200 Type set to A.
CWD /pub/PGPfone 250-Please read the file README 250- it was last modified on Fri Aug 25 15:52:05 1995 - 0 days ago 250 CWD command successful. PORT 199,117,100,36,7,146
Too bad "Anonymous" isn't more aware of the FTP protocol. This indicates that the connection was made from 199.117.100.36, p36.Boulder-2.dialup.csn.net.
200 PORT command successful. LIST 150 Opening ASCII mode data connection for /bin/ls. total 29 -r--r--r-- 1 0 1001 4287 Aug 25 15:52 README drwxr-x--- 4 1 27 512 Aug 25 17:00 dist -r--r--r-- 1 0 1001 2172 Aug 24 22:02 mitlicen.txt -r--r--r-- 1 0 1001 19546 Aug 24 23:43 rsalicen.txt 226 Transfer complete.
CWD /pub/PGPfone/dist 250 CWD command successful.
This indicates "Anonymous" is either making up everything from this point on, or has access to the machine other than normal anonymous FTP. The permissions on dist would prevent the CWD from happening. Actually, the permissions on dist prevent this from working at all. Look, if you want to make PGPfone available overseas in violation of ITAR, go ahead. It's a stupid law, and you aren't likely to get caught. But don't make MIT or Phil the fall guy for it. Send it out yourself. MIT and Phil have contributed greatly to the privacy community, and stupid stunts like this aren't going to encourage them much. Bob
cg@bofh.lake.de said:
This indicates "Anonymous" is either making up everything from this point on, or has access to the machine other than normal anonymous FTP. The permissions on dist would prevent the CWD from happening. Actually, the permissions on dist prevent this from working at all. Wrong. The FTP daemon probably has a wrapper around it which checks where the call comes from. When it thinks you come from the U.S. or Canada, it probably starts up the FTP daemon in group 27, otherwise in the default anonymous group. The idea is nice, but you have to implement it correctly, of course.
You appear to be correct. I came in from a .net address, which MIT apparently feels is non-US, and they would be correct about some .net's, but that's true of .com and .edu as well. I came in from a Multinational corporation in .com, and it let me in. :-)
That's the dillema: if you export it, you are taking the risk they won't put up this kind of software for FTP the next time. If you don't, you are complying with these stupid laws... But anyway, with the present state of the MIT FTP server, PGPfone is likely to be all over the (non-US-and-Canada) place before the weekend is over.
But if people get it from MIT directly, then MIT is violating ITAR/DTR, and its lawyers would be justified in shutting things down. If it's pulled down by a US citizen, and then sent out, I don't see how MIT could be held responsible for it. Bob
participants (3)
-
anon-remailer@utopia.hacktic.nl -
Bob Snyder -
cg@bofh.lake.de