| RHF Joke Archives |

At a recent intrusion detection workshop, some of the attendees were
lamenting that there was insufficient baseline data to calibrate
some of the systems.

Discussion ensued, and over the next few days, a few of us came up
with (and ranked) the following, with the working title of "The
Grance-Letterman Data Set of the 15 Most Suspicious Network
Connections."

Without further ado:

15 cut & fork             from     jdahmer@jail.mn.us
14 chown -R nobody *      from     stallman@prep.mit.edu
13 rcp                    from     scud.baghdad.iq
12 talk                   from     sununu@carphone.beltway.gov
11 ftp                    from     kremvax.mosc.fsu
10 rsh bash               from     tyson@fairfield.indiana.gov
 9 pop                    from     rcharles@uhhuh.diet.pepsi.com
 8 rsh make bed           from     helmsley@queen.roost.attica.ny.us
 7 auditd -start          from     root@irs.gov
 6 rlogin GAMES           from     DQUAYLE@ATARI.LIVINGROOM.DC.US
 5 rsh kill -9 1          from     gotti@murder.com
 4 usenet postings        from     Gennifer to alt.sex and talk.rumors
 3 ping                   from     elvis@graceland.ufo.org
 2 finger                 from     peewee@3rd.row.flic.com

 1 uptime                 from     jswaggert@motel.6.com


Other suspicious entries, added to the list after the ranking:

touch		from		C.Thomas@l_d_silver.doj.gov
mount		from		magic@groupie.bball.org
sleep		from		reagan@rancho.teflon.gov
-- 
Gene Spafford
Software Engineering Research Center & Dept. of Computer Sciences
Purdue University, W. Lafayette IN 47907-1398
Internet:  spaf@cs.purdue.edu	phone:  (317) 494-7825

| RHF Joke Archives |