jet@navier.math.uh.edu (J. Eric Townsend) (06/28/91)
Hiya.
We've been having some break-in problems at UH, and I've had great success tracing things *until* recently, thanks to xnet.caltech.edu.
This wonderful device (apparently some sort of terminal server) allows one to telnet in, and back out again, and provides *no* information to outside users. Traces to people on the other side of xnet.caltech.edu end at that device.
Who can I talk to at CalTech about this device? It's obviously a gaping security hole as far as NSFnet is concerned, should I go to them? Or can I assume that this is just a new device put on line, and nobody's bothered to lock out incoming telnet sessions.
--
J. Eric Townsend - jet@uh.edu - bitnet: jet@UHOU - vox: (713) 749-2126
Systems Wrangler, University of Houston Department of Mathematics
Skate UNIX! (curb fault: skater dumped)
PowerGlove mailing list: glove-list-request@karazm.math.uh.edu
PMW1@psuvm.psu.edu (Peter M. Weiss) (06/28/91)
In article <1991Jun28.012957.12871@menudo.uh.edu>, jet@navier.math.uh.edu (J. Eric Townsend) says:
>We've been having some break-in problems at UH, and I've had great
>success tracing things *until* recently, thanks to xnet.caltech.edu.
>Who can I talk to at CalTech about this device? It's obviously
>a gaping security hole as far as NSFnet is concerned, should I
>go to them? Or can I assume that this is just a new device put
>on line, and nobody's bothered to lock out incoming telnet sessions.
Whois: dom caltech.edu
California Institute of Technology (CALTECH-DOM)
   Computer Science 256-80
   Pasadena, CA 91125
   Domain Name: CALTECH.EDU
   Administrative Contact, Technical Contact, Zone Contact:
      Beauchamp, Mark (MB236) MFB@LAGUNA.CCSF.CALTECH.EDU
      (818) 356-2153
   Alternate Contact:
      Sherman, Heather (HS140) HEATHER@IAGO.CALTECH.EDU
      (818) 356-4627
/Pete
--
Peter M. Weiss | pmw1 @ PSUADMIN | psuvm.psu.edu|psuvm
31 Shields Bldg - PennState Univ. | not affiliated with psuvm.psu.edu|psuvm
University Park, PA USA 16802-1202 | A hexadecimal kindof guy in a decimal world
aej@manyjars.WPI.EDU (Allan E Johannesen) (06/28/91)
>>>>> On 28 Jun 91 01:29:57 GMT, jet@navier.math.uh.edu (J. Eric Townsend) said:
jet> We've been having some break-in problems at UH, and I've had
jet> great success tracing things *until* recently, thanks to
jet> xnet.caltech.edu.
jet> This wonderful device (apparently some sort of terminal server)
jet> allows one to telnet in, and back out again, and provides *no*
jet> information to outside users. Traces to people on the other side
jet> of xnet.caltech.edu end at that device.
jet> Who can I talk to at CalTech about this device? It's obviously a
jet> gaping security hole as far as NSFnet is concerned, should I go
jet> to them? Or can I assume that this is just a new device put on
jet> line, and nobody's bothered to lock out incoming telnet sessions.
Is NSFnet concerned? If so, they have a lot of work to do.
We (located in Massachusetts) have had hackers use connections looped
back from Annex servers as far away as Japan. If security is not
enabled, an Annex server will let someone telnet to it and telnet
right out again. I don't know how many Annexes have been sold to
date, but I bet a giant percentage of them do not have this hole
plugged; that's up to the random purchaser. (xnet is not an Annex,
this is only an example)
What about MIT? They operate a terminal server which accepts phone
calls and offers telnet. Your search would end there, too. I don't
operate a service like that, just because I don't have enough phone
lines to give internet access away to everybody within the distance of
a local call. If you had been hacked from such a server, would you
contact the local TelCo and tell them to put traces on the 30 or 40
lines (or however many) to the server for you and then wait for it to
happen again?
There are uncountable holes like this. I don't bother with tracing,
but rather with security. It's easier to force users to use
reasonable passwords than it is to patrol the world.
Yes, I think crackers (the trendy word, leaving "hacking" to glorify
"playing with computers") are criminals; even the kids, let alone the
espionage types. But who has the time?
Perhaps you could install a router which filters all but the addresses
you trust; then you could relax.
kludge@grissom.larc.nasa.gov (Scott Dorsey) (06/28/91)
In article <1991Jun28.012957.12871@menudo.uh.edu> jet@navier.math.uh.edu (J. Eric Townsend) writes:
>This wonderful device (apparently some sort of terminal server) allows one
>to telnet in, and back out again, and provides *no* information to outside
>users. Traces to people on the other side of xnet.caltech.edu end at that
>device.
Actually, there are many such things on the net. University of Hawaii is another big offender. From the look of it, xnet is intended to be used as a bridge between a local Ungermann-Bass NET1 network and the outside (tcp/ip) world, and probably isn't too easy to eliminate. However, it does have an examine function, so it's possible for you to continue to see where an offender is coming from on the NET1 network by doing a list to see the address of the NIU on the NET1 side, and then examining all of the ports on the NIU.
For more information, get in touch with me.
--scott
mughal@juliet.caltech.edu (Mughal, Asim) (06/29/91)
Hmm... the contact person here would be either
1. Heather Sherman (heather@tybalt.caltech.edu)
2. Rich Fagen
Call Caltech at 818-356-6811, ask for the above names or CCO (Campus Computing Organization) and ask them who to contact further.
Asim Mughal
- STANDARD DISCLAIMER -