mirror of
https://github.com/fdiskyou/Zines.git
synced 2025-03-09 00:00:00 +01:00
481 lines
21 KiB
Text
481 lines
21 KiB
Text
|
==Phrack Magazine==
|
||
|
|
|
||
|
|
Volume Four, Issue Forty-Two, File 4 of 14
|
||
|
|
|
||
|
|
Prelude to a Kiss
|
||
|
|
|
||
|
|
- Lessons Unlearned Are Doomed To Bring Misery Ad-Infinitum -
|
||
|
|
|
||
|
|
|
||
|
|
The following is an article I wrote for a mainstream computer security
|
||
|
|
periodical called ISPNews. At the time, I had been discussing the idea
|
||
|
|
of a bi-monthly column with the editor at that time, Len Spitz. (Now the
|
||
|
|
editor is Michael Alexander, ex-of Computerworld)
|
||
|
|
|
||
|
|
The following article, although very, very tame by my standards, and
|
||
|
|
admittedly lacking in enough hardcore information to help security
|
||
|
|
professionals to apply a quick fix to their many problems, caused quite
|
||
|
|
a stir among the folks at ISPNews.
|
||
|
|
|
||
|
|
Since this article was from me, a self-proclaimed hacker, it
|
||
|
|
underwent an extraordinary amount of scrutiny. Rather than be
|
||
|
|
accepted or denied by the editor, my article got the dubious honor of
|
||
|
|
being sent before an editorial advisory board. I checked every back
|
||
|
|
issue of ISPNews and could find no mention of such an entity until the
|
||
|
|
November/December 1991 issue, the issue immediately following an length
|
||
|
|
interview with none other than myself.
|
||
|
|
|
||
|
|
When I questioned Len Spitz about this rather odd fact, he maintained
|
||
|
|
that this committee had indeed existed, but stammered his way through my
|
||
|
|
question to name any other article that they had convened to judge in
|
||
|
|
the past, and to explain the duties of such a group. He could not give
|
||
|
|
me any answers.
|
||
|
|
|
||
|
|
The group itself was obviously geared to be a type of kangaroo-court.
|
||
|
|
It consisted of:
|
||
|
|
|
||
|
|
William J. Cook -- The man who less than two years prior had ordered my
|
||
|
|
privacy and civil rights violated by the Secret
|
||
|
|
Service solely on the basis of two bulletin board
|
||
|
|
posts and my association with members of the Legion
|
||
|
|
of Doom and the Phrack Magazine staff.
|
||
|
|
|
||
|
|
William H. Murray -- A senior consultant with Deloitte & Touche who had
|
||
|
|
two weeks prior stood up before my presentation to
|
||
|
|
the MIS Training Institute's 11th Annual Conference
|
||
|
|
and said loudly "I can't take this any more, I'm leaving,"
|
||
|
|
to the astounded audience. The man who went on to
|
||
|
|
state in his own column in ISPNews, "Can we lie
|
||
|
|
down with dogs and get up without fleas?" and "Ask
|
||
|
|
yourself if you wish to work in a profession
|
||
|
|
populated by rogues. Ask yourself if you want your
|
||
|
|
reputation mixed with theirs."
|
||
|
|
|
||
|
|
Winn Schwartau -- A security consultant with a broad view and an open
|
||
|
|
mind, undoubtedly resulting from his background in the
|
||
|
|
music industry, as opposed to the bean-counting world
|
||
|
|
of MIS.
|
||
|
|
|
||
|
|
David J. Stang -- Director of research, NCSA. Noted virus specialist.
|
||
|
|
|
||
|
|
This was the group. Here is what they said about my article:
|
||
|
|
|
||
|
|
Bill Cook -- "It's very well-written and informative, but shouldn't be
|
||
|
|
published for legal reasons." (What those reasons might have been were
|
||
|
|
not stated, nor did Mr. Cook return my call to his office.)
|
||
|
|
|
||
|
|
Bill Murray -- Was not even given the file to read, as his response was
|
||
|
|
deemed to predictable.
|
||
|
|
|
||
|
|
Winn Schwartau -- "Publish it. This is valuable information."
|
||
|
|
|
||
|
|
David Stang -- Was not given the file because, according to Len Spitz
|
||
|
|
"David is just a virus expert, and this isn't in his arena, so we gave
|
||
|
|
it to Ray Kaplan."
|
||
|
|
|
||
|
|
Ray Kaplan -- Did not want to comment on it because he said, "It's
|
||
|
|
not my expertise, so I gave it to a friend." I believe Ray did not
|
||
|
|
want to get involved with anything having to do with hackers after
|
||
|
|
the reactionary attitudes of the DECUS attendees towards his defense
|
||
|
|
of Kevin Mitnik that nearly left him in bankruptcy. I cannot blame
|
||
|
|
him at all. (Hell, I like the guy...he's certainly more brazen with
|
||
|
|
attitude these days, I mean, he went to HoHoCon for God's-sake!)
|
||
|
|
|
||
|
|
Ray's Friend -- "This is of absolutely no use to the information
|
||
|
|
security professional, but of great use to the hacker community."
|
||
|
|
I still do not know who Ray's "friend" was. I hope his
|
||
|
|
Alzeheimer's has subsided since this comment.
|
||
|
|
|
||
|
|
Needless to say, the article went unpublished.
|
||
|
|
|
||
|
|
Shortly thereafter I received a letter from Robert Fox, an assistant
|
||
|
|
vice-president at Sprint. Somehow my little article had snaked its
|
||
|
|
way over to Kansas City. It's amazing how one faxed copy of an article
|
||
|
|
could have reached so many people in such a short period of time.
|
||
|
|
Mr. Fox had the following to say:
|
||
|
|
|
||
|
|
------------------------------------------------------------------------
|
||
|
|
|
||
|
|
United Telecom/US Sprint
|
||
|
|
9221 Ward Parkway
|
||
|
|
Kansas City, Missouri 64114
|
||
|
|
816-822-6262
|
||
|
|
|
||
|
|
Robert F. Fox January 13, 1992
|
||
|
|
Assistant Vice President
|
||
|
|
Corporate Security
|
||
|
|
|
||
|
|
|
||
|
|
VIA AIRBORNE EXPRESS
|
||
|
|
|
||
|
|
Mr. Chris Goggans
|
||
|
|
COMSEC
|
||
|
|
Suite 1470
|
||
|
|
7322 Southwest Freeway
|
||
|
|
Houston, TX 77074
|
||
|
|
|
||
|
|
Re: Your Article "Packet-switched Networks
|
||
|
|
Security Begins With Configuration"
|
||
|
|
|
||
|
|
Dear Mr. Goggans:
|
||
|
|
|
||
|
|
A copy of the referenced unpublished article, which is
|
||
|
|
enclosed with this letter, has come to our attention. After
|
||
|
|
review, we believe the article is inaccurate and libelous. If
|
||
|
|
published the contents of the article could cause damage to Sprint
|
||
|
|
customers, Sprint and our reputation, and we request that you not
|
||
|
|
publish or otherwise disseminate it.
|
||
|
|
|
||
|
|
In addition, we believe some of the information contained in
|
||
|
|
the article has been obtained through violation of the property
|
||
|
|
rights of Sprint and/or our customers and we demand that you cease
|
||
|
|
any efforts or attempts to violate or otherwise compromise our
|
||
|
|
property whether or not for you personal financial gain.
|
||
|
|
|
||
|
|
Sincerely,
|
||
|
|
|
||
|
|
Robert F. Fox
|
||
|
|
|
||
|
|
|
||
|
|
Enclosure
|
||
|
|
|
||
|
|
|
||
|
|
------------------------------------------------------------------------
|
||
|
|
|
||
|
|
|
||
|
|
Regardless of how Mr. Fox came into possession of this article, i have to
|
||
|
|
question his letter based on his comments. First he states that
|
||
|
|
the information is almost criminally incorrect and could cause harm to
|
||
|
|
Sprint's reputation. Then he states that information in the article has
|
||
|
|
come to be known through the violation of the security of Sprintnet and/or
|
||
|
|
clients of Sprintnet. In effect, I am both a thief and a liar according
|
||
|
|
to Mr. Fox. Well, if I were a thief the information could not possibly
|
||
|
|
be inaccurate if it were obtained from Sprintnet or its clients. If I
|
||
|
|
was a liar, why would they think the information came from themselves
|
||
|
|
and/or their clients? Mr. Fox's thinly veiled threat caused me great
|
||
|
|
amusement.
|
||
|
|
|
||
|
|
I then decided no mainstream publication would touch this article. I
|
||
|
|
don't know why everyone is so scared of the truth. Perhaps if the truth
|
||
|
|
were known people would have to work, and perhaps if the truth were
|
||
|
|
known some people would be out of work. None of this is of concern to
|
||
|
|
me anymore. I am here to speak the truth and to provide uncensored
|
||
|
|
information gathered from a variety of sources to provide readers of
|
||
|
|
this magazine the facts they need to quench their thirst for knowledge.
|
||
|
|
|
||
|
|
This article is included as a prelude to a series of articles all based
|
||
|
|
on packet switched networks as related to information merely alluded to
|
||
|
|
in my harmless little article. To our readers, "enjoy." To the cowering
|
||
|
|
so-called security experts, "kiss my ass."
|
||
|
|
|
||
|
|
------------------------------------------------------------------------
|
||
|
|
|
||
|
|
Packet-switched Networks
|
||
|
|
|
||
|
|
Security Begins with Configuration
|
||
|
|
|
||
|
|
|
||
|
|
For many companies the use of packet-switched networks has
|
||
|
|
allowed for increased interconnectivity of systems and easy
|
||
|
|
remote access. Connection to a major public packet-switched
|
||
|
|
network brings increased access points with local dialups in
|
||
|
|
many cities around the nation as well as access
|
||
|
|
points from foreign countries.
|
||
|
|
|
||
|
|
With the many obvious benefits provided by this service,
|
||
|
|
improper configuration of either the host's connection to the
|
||
|
|
network or of the network itself can lead to extreme security
|
||
|
|
problems.
|
||
|
|
|
||
|
|
The very connection to a public packet-switched network
|
||
|
|
immediately increases the exposure of that particular system.
|
||
|
|
America's two major commercial networks, BT-Tymnet and
|
||
|
|
Sprintnet, are probably the most popular US targets for hackers
|
||
|
|
around the world. The wealth of systems available on
|
||
|
|
these two networks has provided hackers with a seemly endless
|
||
|
|
supply of sites on which to sharpen their skills. The ease of use
|
||
|
|
inherent in both networks makes them popular for legitimate
|
||
|
|
users as well as illegitimate users.
|
||
|
|
|
||
|
|
The Telenet software utilized in the Sprintnet network allows
|
||
|
|
users to enter a network user address (NUA) in the standard
|
||
|
|
format as outlined in the X.121 numbering standard:
|
||
|
|
|
||
|
|
DDDDAAAHHHHHPP
|
||
|
|
|
||
|
|
Where D = the four digit data network identifier code (DNIC)
|
||
|
|
A = the three digit area code corresponding to the host
|
||
|
|
H = the host address
|
||
|
|
P = the port or (sub) address
|
||
|
|
|
||
|
|
On domestic calls the DNIC for Sprintnet (3110) is stored in
|
||
|
|
all Sprintnet equipment and is used as the default. By
|
||
|
|
merely picking an area code, most often corresponding to the standard
|
||
|
|
area codes of the North American Numbering Plan, and an
|
||
|
|
additional one to five digits a would-be intruder can
|
||
|
|
connect to any number of systems while looking for targets.
|
||
|
|
|
||
|
|
In the past many software packages have been written to
|
||
|
|
automate this process, and large scans of the network have
|
||
|
|
been published in a variety of underground media.
|
||
|
|
|
||
|
|
The Tymnet II software utilized in BT's Tymnet
|
||
|
|
prompts the user for a mnemonic which corresponds to a host
|
||
|
|
or number of hosts. The mnemonic, or username, is referenced
|
||
|
|
to a fixed host address in the network's Master User
|
||
|
|
Directory (MUD). This username may allow the caller to
|
||
|
|
connect to a variety of sites, as opposed to merely one, by
|
||
|
|
entering additional information in separate fields after the username.
|
||
|
|
It may also correspond to a network gateway thereby allowing
|
||
|
|
the user to enter a number in the X.121 format and connect to that
|
||
|
|
specific site.
|
||
|
|
|
||
|
|
This particular network, with its primary use of words as
|
||
|
|
opposed to numbers, has been compromised by intruders who
|
||
|
|
guess common words or names in their attempts to connect to
|
||
|
|
remote sites.
|
||
|
|
|
||
|
|
Each network has its own particular set of problems but
|
||
|
|
solutions to these problems are both simple and quick in
|
||
|
|
implementation.
|
||
|
|
|
||
|
|
SPRINTNET
|
||
|
|
|
||
|
|
The first deterrence in securing a host on this
|
||
|
|
network is to restrict access to the site. This can be
|
||
|
|
accomplished in a number of ways. The most obvious is to
|
||
|
|
have the site refuse collect calls. All calls on Sprintnet
|
||
|
|
are reverse-billed, unless the site has specifically asked
|
||
|
|
that they not be billed for incoming calls. This makes the
|
||
|
|
site accessible only through the use of a Network User
|
||
|
|
Identifier (NUI).
|
||
|
|
|
||
|
|
Another method of restricting access from intruders is to
|
||
|
|
place the host in a closed user group (CUG). By electing to
|
||
|
|
have the host in a CUG, the administrator can allow only
|
||
|
|
certain NUIs to connect, and can also restrict the actual
|
||
|
|
addresses from which access is allowed. For example: A site
|
||
|
|
is placed in a CUG that will allow only calls from the
|
||
|
|
company's remote branch in Dallas to access the host and only
|
||
|
|
with the NUI created specifically for that branch. All
|
||
|
|
attempts to access the site from an address outside the 214
|
||
|
|
area will result in an error message indicating an invalid
|
||
|
|
source address. All attempts to connect with an invalid NUI
|
||
|
|
will result in an error indicating an invalid ID. This
|
||
|
|
information is maintained in the networks main TAMS (TP
|
||
|
|
Access Management System) database, and is not subject to
|
||
|
|
manipulation under normal circumstances.
|
||
|
|
|
||
|
|
Many sites on the Sprintnet network have specific
|
||
|
|
subaddresses connecting to a debug port. This is usually at
|
||
|
|
subaddress 99. All connections to debug ports should be
|
||
|
|
restricted. Allowing users access to this port will allow
|
||
|
|
them the ability to load and display memory registers of the
|
||
|
|
Sprintnet equipment connected to the port, and even reset
|
||
|
|
as well as enable or disable the host. Most debug ports are
|
||
|
|
equipped with preset passwords from the vendor, but should be
|
||
|
|
changed. These ports should also restrict connection from
|
||
|
|
all addresses except those specified by the company.
|
||
|
|
|
||
|
|
An additional measure that may foil intruders relying on
|
||
|
|
software programs to find all addresses in a given area code
|
||
|
|
is to request that the host be given an address above 10000.
|
||
|
|
The time involved in scanning the network is extensive and
|
||
|
|
most casual intruders will not look past the 10000 range. In
|
||
|
|
fact, many will not venture past 2000.
|
||
|
|
|
||
|
|
BT-TYMNET
|
||
|
|
|
||
|
|
Any company having a host on the Tymnet network should choose
|
||
|
|
a username that is not easily associated with the company or
|
||
|
|
one that is not a common word or name. If an intruder is aware that
|
||
|
|
XYZ Inc. has a UNIX based system on TYMNET he or she would
|
||
|
|
begin attempts to find this system with the obvious
|
||
|
|
usernames: XYZ, XYZINC, XYZNET, XYZ1, XYZUNIX, UNIX, etc.
|
||
|
|
|
||
|
|
BT-Tymnet allows for these usernames to have additional
|
||
|
|
password security as well. All hosts should have this option
|
||
|
|
enabled, and passwords should be changed frequently.
|
||
|
|
The password should always be a minimum of six
|
||
|
|
digits, should include letters, numbers and at least one symbol
|
||
|
|
character, and should not be associated in any way with the
|
||
|
|
corresponding username.
|
||
|
|
|
||
|
|
Many clients of BT-Tymnet have purchased the Tymnet II
|
||
|
|
software and have individual sub-networks that are linked to
|
||
|
|
the public network through gateways. Each subnet is
|
||
|
|
personally configured and maintained through the use of a
|
||
|
|
package of utilities provided by Tymnet. These utilities
|
||
|
|
each perform a specific task and are highly important to the
|
||
|
|
smooth operation of the network. These utilities may be
|
||
|
|
accessed either directly from the host-end or remotely
|
||
|
|
through the network by entering a corresponding username.
|
||
|
|
Some of these utilities are:
|
||
|
|
|
||
|
|
XRAY : a monitoring utility
|
||
|
|
DDT : a debugging utility
|
||
|
|
NETVAL : a database of username to host correspondence
|
||
|
|
PROBE : a monitoring utility
|
||
|
|
TMCS : a monitoring utility
|
||
|
|
|
||
|
|
Under NO CIRCUMSTANCES should these utilities be left
|
||
|
|
without a password on the company's subnet. These utilities should
|
||
|
|
also never be named similarly to their given name. Should an
|
||
|
|
intruder gain access to any of these utilities the integrity
|
||
|
|
of your network will be at risk.
|
||
|
|
|
||
|
|
For example:
|
||
|
|
|
||
|
|
Allowing an outsider access to the XRAY utility, would give
|
||
|
|
he or she the ability to monitor both incoming and outgoing
|
||
|
|
data from the host using the "TA" command (display trace data
|
||
|
|
table in ASCII). Use of certain XRAY commands are restricted
|
||
|
|
by a security function that allows only certain usernames to
|
||
|
|
execute commands on the basis of their existence in a
|
||
|
|
"Goodguy" list, which can be displayed by any XRAY user.
|
||
|
|
Should a user be of the highest privilege, (2), he or she can
|
||
|
|
add or delete from the "Goodguy" list, reset connections, and
|
||
|
|
display trace data on channels other than the default
|
||
|
|
channel.
|
||
|
|
|
||
|
|
Allowing a user access to DDT can result in complete
|
||
|
|
disruption of the network. DDT allows the user the ability
|
||
|
|
to write directly to the network controller "node code" and
|
||
|
|
alter its configuration.
|
||
|
|
|
||
|
|
Allowing a user access to NETVAL will allow the user to
|
||
|
|
display all usernames active on the network and the
|
||
|
|
corresponding host addresses.
|
||
|
|
|
||
|
|
OTHER PROBLEMS
|
||
|
|
|
||
|
|
EXAMPLE ONE
|
||
|
|
|
||
|
|
On many networks users have the ability to connect to the
|
||
|
|
packet assembler/disassembler (PAD) of the network dial-ups.
|
||
|
|
This has led to significant problems in the past.
|
||
|
|
|
||
|
|
In the mid-1980's two American hackers were exploring the
|
||
|
|
German packet network DATEX-P. One connected to a host in
|
||
|
|
Berlin and was immediately disconnected by the remote site.
|
||
|
|
Before the hacker could react, the German host connected to
|
||
|
|
the NUA corresponding to his Sprintnet PAD and sent him a
|
||
|
|
login prompt. This alarmed the hacker greatly, as he assumed
|
||
|
|
that the proprietors of the German host had somehow noticed
|
||
|
|
his attempt to access their system. He contacted his partner
|
||
|
|
and told him of the occurrence. The two concluded that since
|
||
|
|
the NUA of the origination point is sent in the packet-header,
|
||
|
|
the remote site must have been programed to recognize the NUA and
|
||
|
|
then return the call. The fact that it had returned a call to a
|
||
|
|
public PAD was intriguing to the pair, so they decided to
|
||
|
|
attempt to recreate the event by calling each other. Both
|
||
|
|
individuals connected to the network and one entered the NUA
|
||
|
|
corresponding to the others PAD. A connection resulted and
|
||
|
|
the two were able to interact with one another. They then
|
||
|
|
decided that they would periodically meet in this fashion and
|
||
|
|
discuss their findings from Germany. At the time of the next
|
||
|
|
meeting, the connection did not occur as planned. One hacker
|
||
|
|
quickly received a telephone call from the second who
|
||
|
|
exclaimed rather excitedly that he had attempted to connect
|
||
|
|
to his partner as planned, but accidentally connected to
|
||
|
|
another PAD and intercepted a legitimate user typing his NUI.
|
||
|
|
Further investigation proved that one could connect to public
|
||
|
|
PADs during the idle period when the user was in network
|
||
|
|
mode, prior to making a connection to a remote site. This
|
||
|
|
discovery was intended to remain secret, because of its
|
||
|
|
extremely dangerous applications. Nevertheless, word of this
|
||
|
|
discovery soon reached the entire hacker community and what
|
||
|
|
came to be known as "PAD to PAD" was born.
|
||
|
|
|
||
|
|
The "PAD to PAD" technique became so wide-spread that hackers
|
||
|
|
were soon writing software to intercept data and emulate
|
||
|
|
hosts and capture login names and passwords from unsuspecting
|
||
|
|
network users. Hackers were intercepting thousands of calls
|
||
|
|
every day from users connecting to systems ranging from
|
||
|
|
banking and credit to the Fortune 500 to government sites.
|
||
|
|
|
||
|
|
After nearly two years of "PAD to PAD" Sprintnet became
|
||
|
|
alerted to the crisis and disallowed all connections to
|
||
|
|
public PADs. When Sprintnet expanded its service overseas
|
||
|
|
they once again left access to the overseas PADs
|
||
|
|
unrestricted. The problem went unnoticed again until
|
||
|
|
their attention was brought to it by a hacker who called
|
||
|
|
Sprintnet security and told them that they ought to fix it
|
||
|
|
quickly before it became as wide-spread as before.
|
||
|
|
The problem was resolved much quicker this time.
|
||
|
|
|
||
|
|
This particular technique was not limited to Sprintnet. All
|
||
|
|
networks using the Telenet software are at risk to this type
|
||
|
|
of manipulation. This type of network manipulation was
|
||
|
|
integral in the recent compromise of a large Bell Company's packet
|
||
|
|
network in a much-publicized case. Certain foreign
|
||
|
|
networks in countries such as Israel, England, Chile, Panama,
|
||
|
|
Peru and Brazil are also at risk.
|
||
|
|
|
||
|
|
EXAMPLE TWO
|
||
|
|
|
||
|
|
In the late 1980's hackers stumbled onto a packet network
|
||
|
|
owned and maintained by a large facilities maintenance
|
||
|
|
company. This particular network had a huge flaw in its
|
||
|
|
setup. It connected all calls placed through it as if they
|
||
|
|
were placed with an NUI. This allowed hackers to place calls
|
||
|
|
to addresses that refused collect connections on networks
|
||
|
|
around the world. This became a popular method for hackers
|
||
|
|
to access underground chat systems in Europe. Additionally,
|
||
|
|
this network contained a score of computers belonging to a
|
||
|
|
major automobile manufacturer. Most of these systems were
|
||
|
|
highly insecure. The network also allowed unrestricted
|
||
|
|
access to network debug ports. This particular network also
|
||
|
|
had a toll-free number on an MCI exchange. At the time, MCI
|
||
|
|
was having some difficulty getting their equipment to accept
|
||
|
|
the ANI information to provide customers with a full call-
|
||
|
|
detail report on their monthly statement. The hackers were
|
||
|
|
well aware of this fact and made frequent use of the network
|
||
|
|
with no fear of prosecution. Eventually MCI was able to fix
|
||
|
|
their translation problem and were able to provide their
|
||
|
|
clients with full call-detail reports. When this was
|
||
|
|
learned, many hackers abandoned use of the network, but
|
||
|
|
several others were later prosecuted for its usage when their
|
||
|
|
number turned up on the bill.
|
||
|
|
|
||
|
|
EXAMPLE THREE
|
||
|
|
|
||
|
|
Until quite recently intimate knowledge of the utilities
|
||
|
|
driving various packet-switched networks were known by an
|
||
|
|
exclusive few. While investigating a network owned by an
|
||
|
|
extremely large Cleveland-based conglomerate hackers came
|
||
|
|
across a system where documentation on the usage of every
|
||
|
|
utility was kept online. The hackers quickly downloaded all
|
||
|
|
the information and it soon became somewhat wide-spread among
|
||
|
|
the underground community. With less-skilled and more
|
||
|
|
unscrupulous individuals in possession of this information
|
||
|
|
many networks began experiencing disruptions and system
|
||
|
|
integrity was quickly lost as hackers began monitoring data
|
||
|
|
traffic.
|
||
|
|
|
||
|
|
No information on the usage of packet networks or their
|
||
|
|
utilities should ever be kept online. Hard copies should be
|
||
|
|
kept in the possession of the network administrator, and when
|
||
|
|
updated, obsolete versions must be destroyed.
|
||
|
|
|
||
|
|
WHAT TO DO
|
||
|
|
|
||
|
|
When a security violation stemming from a connection through
|
||
|
|
the packet network is noticed, Network Security should be
|
||
|
|
notified. Clients of BT-Tymnet should notify Steve Matthews
|
||
|
|
at 408-922-7384. Clients of Sprintnet should notify
|
||
|
|
Pat Sisson at 703-689-6913.
|
||
|
|
|
||
|
|
Once changes have been enacted in the network to prevent
|
||
|
|
further break-ins, the host computer should be checked
|
||
|
|
thoroughly for any changes or damages, and all individual
|
||
|
|
account passwords should be changed.
|
||
|
|
|
||
|
|
CONCLUSION
|
||
|
|
|
||
|
|
It is critical that the packet network be configured properly
|
||
|
|
and that all measures are taken to ensure its security. Even
|
||
|
|
the most secure host computer can be easily compromised if it
|
||
|
|
is connected to an insecure packet network.
|
||
|
|
----------------------------------------------------------------------
|