[433] in Athena User Interface
Re: Fwd: breakins to some MIT Linux machines (Case 185834)
daemon@ATHENA.MIT.EDU (Jonathon Weiss)
Tue Sep 19 01:10:22 2000
Message-Id: <200009190510.BAA13078@Bearing-An-Hourglass.mit.edu>
From: Jonathon Weiss <jweiss@MIT.EDU>
To: Bill Cattey <wdc@MIT.EDU>
cc: beland@MIT.EDU, lcs@MIT.EDU, ops@MIT.EDU, aui@MIT.EDU
In-reply-to: Your message of "Tue, 19 Sep 2000 03:45:20 -0000."
<Atli5Epz0001IecGoo@mit.edu>
Date: Tue, 19 Sep 2000 01:10:17 -0400

> Beland: bad news, apparently on Sunday after you installed all the nice
> HelixCode stuff, dig-dug got violated.
> I don't think it's the case that the new HelixCode stuff listens on port 39168.

Was dig-dug running Athena 8.4 when it was compromised? 8.4 doesn't
have the daemon that's been the biggest attack vector recently
(rpc.statd), so I'm curious how it was compromised.

> P.S. I guess we really DO need that test-cluster-w92 email list. If
> Mike Barker hadn't forwarded this to me, it's unclear the news would
> have reached the right people.

I summarily updated the contact info in moira (which is what is used
for determining who to notify of compromised machines) for all of the
test-cluster machines (pitfall space-invaders joust gyruss asteroids
dig-dug defender donkey-kong) to moties@mit.edu. Previously, the
contact for all of these machines was either mbarker or blank. I've
updated the location while I was there. If a test-cluster mailing
list is created we can update the contacts again, but for now moties
is clearly a better choice than Mike.

Jonathon