joe jesson <jej@chinet.chi.il.us> (07/22/90)
I am trying to ascertain the security risks of installing an RSCS-to-RSCS link from our large (very) SNA network to IBM's Information Network (IN) to be used for E-Mail (IBM's Expedite Mail). The fear is not knowing how a hacker can bring down my network from IBM's network. Specifically, I remember the infamous "Christmas Card" sent to all users on IBM's network. What can be done through RSCS? My network has 30,000 PROFS users on VM. Any hackers or security buffs willing to tell?

joe
"Craig R. Watkins" <CRW@icf.hrb.com> (07/28/90)
In article <10008@accuvax.nwu.edu>, jej@chinet.chi.il.us (joe jesson) writes:

> The fear is not knowing how a hacker can bring down my network from
> IBM's network. Specifically, I remember the infamous "Christmas Card"
> sent to all users on IBM's network.

The "Christmas Card" was basically a program (an "EXEC" or a "command procedure") that was sent to a few random users. These users, without knowing what it did, executed it. The beginning of the file said "LET THIS EXEC RUN AND ENJOY YOURSELF." When it was run, it printed out a character-based X-mas tree and a nice holiday wish. The program then looked up the network addresses of the user's "friends" in their address book (NAMES file in VM terms) and looked up addresses in the user's network file log file (NETLOG). It then sent a copy of itself to all of these people.

The neat (?) thing about this is that while you may be the mildly suspicious type, you may run a program without checking it if it came from your boss/wife/system manager/secretary/butler. The program did no other "damage"; it didn't delete files or change data, etc. It just replicated itself. It was reported, however, that this was enough to clog up some decent size networks.

> What can be done through RSCS? My network has 30,000 PROFS users on
> VM.

RSCS is fairly straightforward since you can only SEND things. You can send files. You can send messages. You can send commands. That doesn't leave much to protect against.

One thing to note when you configure your RSCS is to be careful when you allow remote users access to RSCS configuration commands and especially CP commands thru the AUTH statement. Be aware that given full access to a remote system and possibly the code of the networking software, it would be possible to "spoof" your network identity. Either don't allow such remote operators (as I believe they are called) or guard their identities as you would a password.

> Any hackers or security buffs willing to tell?

Nope. Just someone who's written some RSCS emulation code.
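
Added example, not part of either post above: a small audit that lists the remote operators the reply warns about, flagging any AUTH entry whose node is not the local one and rating entries with CP access highest. The statement layout `AUTH linkid userid nodeid [CP|NOCP]`, the `*` comment marker and every node and user name are assumptions or constructed samples; check the syntax against the documentation for your RSCS level.

```python
"""Audit RSCS AUTH statements for remote operators (added example)."""

# ASSUMPTION: statement layout is  AUTH linkid userid nodeid [CP|NOCP]
# and a line starting with '*' is a comment. Neither is given in the thread.

# Constructed sample; node names and user IDs are made up.
SAMPLE_CONFIG = """\
* constructed sample, not a real configuration
AUTH * OPERATOR HQVM1 CP
AUTH * NETOPS HQVM1 NOCP
AUTH INLINK SUPPORT IBMIN NOCP
AUTH * MAINT REMOTE9 CP
AUTH INLINK
"""


def audit_auth(config_text, local_node):
    """Return (line, severity, userid, nodeid, linkid) for risky AUTH lines.

    HIGH      - operator on another node who may also issue CP commands
    REVIEW    - operator on another node without CP access
    MALFORMED - AUTH line too short to interpret; inspect it by hand
    """
    local = local_node.upper()
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("*"):
            continue  # blank line or comment
        tokens = line.upper().split()
        if tokens[0] != "AUTH":
            continue  # other statement types are out of scope here
        if len(tokens) < 4:
            findings.append((lineno, "MALFORMED", None, None, None))
            continue
        linkid, userid, nodeid = tokens[1:4]
        if nodeid == local:
            continue  # local operators are not the concern in the reply
        has_cp = len(tokens) > 4 and tokens[4] == "CP"
        severity = "HIGH" if has_cp else "REVIEW"
        findings.append((lineno, severity, userid, nodeid, linkid))
    return findings


if __name__ == "__main__":
    for finding in audit_auth(SAMPLE_CONFIG, "HQVM1"):
        print(finding)
```

Every entry it reports is an identity on someone else's system that can operate your RSCS, so each one should be either removed or protected as carefully as a password, as the reply suggests.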