On Thu, 26 Aug 1999 [log in to unmask] wrote: > On Thu, 26 Aug 1999 12:31:30 EDT, Listserv Admin <[log in to unmask]> said: > Now, it's a LITTLE harder to do this *and* dissapear the Listserv reply so > that the actual list owner doesn't see it, but it's doable by a sufficiently > determined adversary (hint - the secret is a Denial Of Service attack. Has > YOUR system been patched against things like SYN-flooding, or TCP sequence > number prediction, or any of those OTHER nasty problems? ;) Well, yes... and no... and no scans past the router...but how about some perspective here? I'm not concerned with making anything perfectly secure, only a fool with a little knowledge might think they could. I'm only concerned with making it "as safe as" the existing task of manually adding hundreds of students to hundreds of lists. Your argument applies to both manual and automated ADD jobs and indeed is a good case for not using listserv at all "because someone could...". I have been convinced for some years now that there is no such thing as "security" on an Internet connected machine, there are only levels of security; my task is simply to find a level I can live with in some comfort. --Trish ------------- Trish Forrest, Queen's University