Export control FTP servers
I do what RSADSI does with ftp.rsa.com. It requires a cronjob and sed. I didn't get the NSA to approve it, but I figure if it's good enough for RSADSI it's good enough for me.
I believe some of the following has been posted here before. The person to speak with is
John Sonderman
Office of Defense Trade
Department of Compliance
703 875 6644
He's supposed to be Internet-aware. What's not common knowledge is that he's leaving by early December for budgetary reasons. If you're thinking of putting export controlled stuff up for FTP, you should probably contact John now.
/r$
well, since it is "official" policy and the basics concern rejecting all foreign addresses and making the proposed recipient agree to a file statement agreeing not to export and that he/she/it is an American or Canadian citizen, it might be nice if someone who has the `sed ....` and/or `awk...` scripts would post them for all to use (with whatever disclaimers, etc.)

On Mon, 20 Nov 1995, Rich Salz wrote:
I do what RSADSI does with ftp.rsa.com. It requires a cronjob and sed. I didn't get the NSA to approve it, but I figure if it's good enough for RSADSI it's good enough for me.
I believe some of the following has been posted here before. The person to speak with is
John Sonderman
Office of Defense Trade
Department of Compliance
703 875 6644
He's supposed to be Internet-aware. What's not common knowledge is that he's leaving by early December for budgetary reasons. If you're thinking of putting export controlled stuff up for FTP, you should probably contact John now.
/r$
    #!/bin/sh
    umask 022
    DIRNAME=`cat $HOME/.usonlydir`
    NEWDIRNAME=`/usr/local/bin/pseudo-random | /usr/local/bin/md5sum`
    cd /u1/ftp/pub/US-only
    mv I_will_not_export_$DIRNAME I_will_not_export_$NEWDIRNAME
    cd ..
    sed -e "s/$DIRNAME/$NEWDIRNAME/" < README.US-only > README.new
    mv README.new README.US-only
    echo $NEWDIRNAME > $HOME/.usonlydir

--
sameer Voice: 510-601-9777
Community ConneXion FAX: 510-601-9734
The Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.org/ (or login as "guest") sameer@c2.org
sameer@c2.org writes: [ 'passwd'/'secret' is NEWDIRNAME : ]
    NEWDIRNAME=`/usr/local/bin/pseudo-random | /usr/local/bin/md5sum`
[...]
Hey hey, cool, what a great security ! now can you please send source for /usr/local/bin/pseudo-random ? :-)))
dl -- Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept PGP Clinton ammunition Greenpeace Croatian Kennedy genetic
Mark M. writes:
I just used the following simple shell script. Not very secure but does the trick for the purposes of export controlled directories.

    #!/bin/sh
    (date; uptime; ps -e; netstat; set) | md5sum

That one is quite good, you could also feed $1 which would be the previous "pass". Btw I'd suggest that you use netstat -n if you don't want it to take ages to resolve all the IP->name.

dl
-- Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept PLO [Hello to all my fans in domestic surveillance] Mossad FSF class struggle explosion hack
On Thu, 23 Nov 1995, Laurent Demailly wrote:

sameer@c2.org writes: [ 'passwd'/'secret' is NEWDIRNAME : ]
    NEWDIRNAME=`/usr/local/bin/pseudo-random | /usr/local/bin/md5sum`
[...]
Hey hey, cool, what a great security ! now can you please send source for /usr/local/bin/pseudo-random ? :-)))

I just used the following simple shell script. Not very secure but does the trick for the purposes of export controlled directories.

    #!/bin/sh
    (date; uptime; ps -e; netstat; set) | md5sum

--
`finger -l markm@omni.voicenet.com` for public key and Geek Code
Public Key/1024: 0xF9B22BA5 BD 24 D0 8E 3C BB 53 47 20 54 FA 56 00 22 58 D5
Homepage URL:http://www.voicenet.com/~markm/
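Added example, not part of any poster's message: the rotation job posted above, with the directory token read from the kernel's /dev/urandom instead of hashed system state, and with each step checked so a failed rename never leaves the README or the state file pointing at a name that does not exist. The function names and the directory layout passed as arguments are assumptions, as is the availability of /dev/urandom.

```shell
#!/bin/sh
# Added example: rotate the unguessable directory name from a cron job.
# new_token and rotate_dir are hypothetical names, not from the thread.

new_token() {
    # 16 bytes from the kernel CSPRNG, hex-encoded (32 characters).
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# rotate_dir PUBDIR STATEFILE
#   PUBDIR holds US-only/I_will_not_export_<token> and README.US-only.
#   STATEFILE holds the current token (hex only, so it is safe in sed).
# Prints the new token on success; returns non-zero and changes nothing
# if the current directory is missing or the random read came up short.
rotate_dir() {
    pub=$1
    state=$2
    old=$(cat "$state") || return 1
    new=$(new_token)
    [ "${#new}" -eq 32 ] || return 1
    [ -d "$pub/US-only/I_will_not_export_$old" ] || return 1

    mv "$pub/US-only/I_will_not_export_$old" \
       "$pub/US-only/I_will_not_export_$new" || return 1

    # Write the README to a temporary name, then rename over the old one,
    # so FTP clients never see a half-written file.
    sed -e "s/$old/$new/g" "$pub/README.US-only" > "$pub/README.new" || return 1
    mv "$pub/README.new" "$pub/README.US-only" || return 1

    # The state file is only needed by the cron job: keep it owner-only.
    ( umask 077; printf '%s\n' "$new" > "$state" ) || return 1
    printf '%s\n' "$new"
}
```

From cron this would be called as `rotate_dir /u1/ftp/pub "$HOME/.usonlydir"`, using the paths from the script posted earlier in the thread.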
I thought that they had not yet released their official policy. Last time I heard they were still refusing to put anything in writing saying that your measures were "ok", pending release of their official policy. If John is indeed leaving, this will give the powers-that-be an excuse to delay even longer.
--Jeff

attila wrote:
well, since it is "official" policy and the basics concern rejecting all foreign addresses and making the proposed recipient agree to a file statement agreeing not to export and that he/she/it is an American or Canadian citizen, it might be nice if someone who has the `sed ....` and/or `awk...` scripts would post them for all to use (with whatever disclaimers, etc.)
On Mon, 20 Nov 1995, Rich Salz wrote:
I do what RSADSI does with ftp.rsa.com. It requires a cronjob and sed. I didn't get the NSA to approve it, but I figure if it's good enough for RSADSI it's good enough for me.
I believe some of the following has been posted here before. The person to speak with is
John Sonderman
Office of Defense Trade
Department of Compliance
703 875 6644
He's supposed to be Internet-aware. What's not common knowledge is that he's leaving by early December for budgetary reasons. If you're thinking of putting export controlled stuff up for FTP, you should probably contact John now.
/r$
-- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
participants (6): attila, Jeff Weinstein, Laurent Demailly, Mark M., Rich Salz, sameer