[comp.admin.policy] Who do I complain to at CalTech about xnet.caltech.edu?

jet@navier.math.uh.edu (J. Eric Townsend) (06/28/91)

Hiya.

We've been having some break-in problems at UH, and I've had great
success tracing things *until* recently, thanks to xnet.caltech.edu.

This wonderful device (apparently some sort of terminal server) allows one
to telnet in, and back out again, and provides *no* information to outside
users.  Traces to people on the other side of xnet.caltech.edu end at that
device.

Who can I talk to at CalTech about this device?  It's obviously
a gaping security hole as far as NSFnet is concerned, should I
go to them?  Or can I assume that this is just a new device put
on line, and nobody's bothered to lock out incoming telnet sessions.

--
J. Eric Townsend - jet@uh.edu - bitnet: jet@UHOU - vox: (713) 749-2126
Systems Wrangler, University of Houston Department of Mathematics
Skate UNIX! (curb fault: skater dumped)
PowerGlove mailing list: glove-list-request@karazm.math.uh.edu

PMW1@psuvm.psu.edu (Peter M. Weiss) (06/28/91)

In article <1991Jun28.012957.12871@menudo.uh.edu>, jet@navier.math.uh.edu (J.
Eric Townsend) says:

>We've been having some break-in problems at UH, and I've had great
>success tracing things *until* recently, thanks to xnet.caltech.edu.

>Who can I talk to at CalTech about this device?  It's obviously
>a gaping security hole as far as NSFnet is concerned, should I
>go to them?  Or can I assume that this is just a new device put
>on line, and nobody's bothered to lock out incoming telnet sessions.

Whois: dom caltech.edu
California Institute of Technology (CALTECH-DOM)
   Computer Science 256-80
   Pasadena, CA 91125

   Domain Name: CALTECH.EDU

   Administrative Contact, Technical Contact, Zone Contact:
      Beauchamp, Mark  (MB236)  MFB@LAGUNA.CCSF.CALTECH.EDU
      (818) 356-2153
   Alternate Contact:
      Sherman, Heather  (HS140)  HEATHER@IAGO.CALTECH.EDU
      (818) 356-4627

/Pete
--
Peter M. Weiss                     | pmw1 @ PSUADMIN  |  psuvm.psu.edu|psuvm
31 Shields Bldg - PennState Univ.  | not affiliated with psuvm.psu.edu|psuvm
University Park, PA USA 16802-1202 | A hexadecimal kindof guy in a decimal world

aej@manyjars.WPI.EDU (Allan E Johannesen) (06/28/91)

>>>>> On 28 Jun 91 01:29:57 GMT, jet@navier.math.uh.edu (J. Eric Townsend) said:

jet> We've been having some break-in problems at UH, and I've had
jet> great success tracing things *until* recently, thanks to
jet> xnet.caltech.edu.

jet> This wonderful device (apparently some sort of terminal server)
jet> allows one to telnet in, and back out again, and provides *no*
jet> information to outside users.  Traces to people on the other side
jet> of xnet.caltech.edu end at that device.

jet> Who can I talk to at CalTech about this device?  It's obviously a
jet> gaping security hole as far as NSFnet is concerned, should I go
jet> to them?  Or can I assume that this is just a new device put on
jet> line, and nobody's bothered to lock out incoming telnet sessions.

Is NSFnet concerned?  If so, they have a lot of work to do.

We (located in Massachusetts) have had hackers use connections looped
back from Annex servers as far away as Japan.  If security is not
enabled, an Annex server will let someone telnet to it and telnet
right out again.  I don't know how many Annexes have been sold to
date, but I bet a giant percentage of them do not have this hole
plugged; that's up to the random purchaser.  (xnet is not an Annex;
this is only an example.)

What about MIT?  They operate a terminal server which accepts phone
calls and offers telnet.  Your search would end there, too.  I don't
operate a service like that, just because I don't have enough phone
lines to give internet access away to everybody within the distance of
a local call.  If you had been hacked from such a server, would you
contact the local TelCo and tell them to put traces on the 30 or 40
lines (or however many) to the server for you and then wait for it to
happen again?

There are uncountable holes like this.  I don't bother with tracing,
but rather with security.  It's easier to force users to use
reasonable passwords than it is to patrol the world.

Yes, I think crackers (the trendy word, leaving "hacking" to glorify
"playing with computers") are criminals; even the kids, let alone the
espionage types.  But who has the time?

Perhaps you could install a router which filters all but the addresses
you trust; then you could relax.

kludge@grissom.larc.nasa.gov (Scott Dorsey) (06/28/91)

In article <1991Jun28.012957.12871@menudo.uh.edu> jet@navier.math.uh.edu (J. Eric Townsend) writes:
>This wonderful device (apparently some sort of terminal server) allows one
>to telnet in, and back out again, and provides *no* information to outside
>users.  Traces to people on the other side of xnet.caltech.edu end at that
>device.

   Actually, there are many such things on the net.  University of Hawaii
is another big offender.  From the look of it, xnet is intended to be used
as a bridge between a local Ungermann-Bass NET1 network and the outside
(tcp/ip) world, and probably isn't too easy to eliminate.  However, it does
have an examine function, so it's possible for you to continue to see
where an offender is coming from on the NET1 network by doing a list to
see the address of the NIU on the NET1 side, and then examining all of the
ports on the NIU.  For more information, get in touch with me.
--scott

mughal@juliet.caltech.edu (Mughal, Asim) (06/29/91)

	Hmm... the contact person here would be either

	1. Heather Sherman   (heather@tybalt.caltech.edu)
	2. Rich Fagen

	Call Caltech at 818-356-6811 and ask for the above names, or
	CCO (Campus Computing Organization), and ask them who to
	contact further.

   @@@@@                                   @@@@@	
   =   = @@@@                         @@@@ =   =     Asim Mughal
   =   =====================================   =		
   =          - STANDARD DISCLAIMER -          =   
   =============================================