Article 34395 of alt.security:
Path: nntpd.lkg.dec.com!lead.zk3.dec.com!crl.dec.com!crl.dec.com!bloom-beacon.mit.edu!newsfeed.internetmci.com!howland.reston.ans.net!news.nic.surfnet.nl!tuegate.tue.nl!news.win.tue.nl!wzv.win.tue.nl!wzv.win.tue.nl!not-for-mail
From: wietse@wzv.win.tue.nl (Wietse Venema)
Newsgroups: alt.culture.internet,alt.security,comp.security.misc,alt.2600,alt.internet.media-coverage
Subject: Re: Shimomura an Internet Spy?
Date: 30 Jan 1996 08:07:58 +0100
Organization: Eindhoven University of Technology, The Netherlands
Lines: 14
Message-ID: <4ekg4e$rcf@wzv.win.tue.nl>
References: <4dtv63$22kg@usenetw1.news.prodigy.com> <4e685v$9u@brasaap.iaehv.nl> <lewizDLvCH3.JB2@netcom.com> <4egml2$5dm@brasaap.iaehv.nl>
NNTP-Posting-Host: wzv.win.tue.nl
Xref: nntpd.lkg.dec.com alt.culture.internet:19845 alt.security:34395 comp.security.misc:26399 alt.2600:140772

>to cause chaos on the Internet. Not that by using a packet sniffer he
>could really do any active action, merely passive listening.

Combine a packet sniffer with raw IP, and one can do a lot more 
than just passive listening.

Just a few examples:

http://www.merit.edu/routing.arbiter/RA/security/simple_tcp_active_attack.ps
ftp://net.tamu.edu/pub/security/TAMU/NIS_Paper.ps.gz

These papers are also available from the usual other sites.

	Wietse