Back to the main page

Mailing List Logs for ShadowRN

Message no. 1
From: Tommy Lindner <tommy.lindner@*******.DE>
Subject: Re: Security tallies......was:Re: one or two VR2 questions
Date: Thu, 28 Jan 1999 16:48:02 +0100
I always thought that the ST is some small program counting each unusual op
happening in a system not being filtered out as "something like that happens
all the time so ignore it". And if a certain number is reached the system sends
out some IC to check if there is something not belonging to the system and
waits for report. By surpressing it you delay the report time until the system
has sent too many IC and not receiving answer to start wondering. There your
passive alarm goes.
If more than one decker enters a given host I guess it's all counted towards
the same ST program and so the system responds with one IC searching for
anything unusual. I think having multiple ST programs uses up rescources the
corps don't like to spent and doesn't matter anyway because if the system is
intruded by one or ten deckers seems not to be much of a difference. Maybe you
have multiple programs in high security hosts which already allocate a lot of
rescources to security.
So in anything other than red or higher hosts it is not a good idea to visit
hosts with more than one decker (at least in my game).

Tommy
Message no. 2
From: David Buehrer <dbuehrer@******.CARL.ORG>
Subject: Re: Security tallies......was:Re: one or two VR2 questions
Date: Thu, 28 Jan 1999 10:26:38 -0700
For the mere cost of a Thaum, Tommy Lindner wrote:
/
/ I always thought that the ST is some small program counting each unusual op
/ happening in a system not being filtered out as "something like that happens
/all the time so ignore it". And if a certain number is reached the system sends
/ out some IC to check if there is something not belonging to the system and
/ waits for report. By surpressing it you delay the report time until the system
/ has sent too many IC and not receiving answer to start wondering. There your
/ passive alarm goes.
/ If more than one decker enters a given host I guess it's all counted towards
/ the same ST program and so the system responds with one IC searching for
/ anything unusual. I think having multiple ST programs uses up rescources the
/ corps don't like to spent and doesn't matter anyway because if the system is
/ intruded by one or ten deckers seems not to be much of a difference. Maybe you
/ have multiple programs in high security hosts which already allocate a lot of
/ rescources to security.

You don't need one ST program per icon/decker. All you need is one
main program (probably integral to the OS/Host) that runs a seperate
log file for each icon on the system.

-David B.
--
"Earn what you have been given."
--
email: dbuehrer@******.carl.org
http://www.geocities.com/TimesSquare/1068/homepage.htm

Further Reading

If you enjoyed reading about Security tallies......was:Re: one or two VR2 questions, you may also be interested in:

Disclaimer

These messages were posted a long time ago on a mailing list far, far away. The copyright to their contents probably lies with the original authors of the individual messages, but since they were published in an electronic forum that anyone could subscribe to, and the logs were available to subscribers and most likely non-subscribers as well, it's felt that re-publishing them here is a kind of public service.

Thwap!