[1756] in SIPB_Linux_Development


Re: breakin report - sniffer running in 18.242.*

daemon@ATHENA.MIT.EDU (Emil Sit)
Tue Aug 19 04:42:14 1997

To: Edwin Foo <efoo@MIT.EDU>
Cc: net-security@MIT.EDU, stopit@MIT.EDU, linux-dev@MIT.EDU, kvlee@MIT.EDU,
        goblin@MIT.EDU, fubob@MIT.EDU, bdrosen@MIT.EDU
In-Reply-To: Your message of "Mon, 18 Aug 1997 14:25:56 EDT."
             <199708181825.OAA04472@hesed.mit.edu> 
Date: Tue, 19 Aug 1997 04:41:59 EDT
From: Emil Sit <sit@MIT.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

> raptor.mit.edu into a trojan horse and packet sniffer for the Next House
> network. From there, they acquired passwords for several more athena
> accounts, as well as several common hostnames, which were then attacked.
[...]
> raptor.mit.edu. Unfortunately, I've got a text file with about 20-30+
> athena usernames and passwords, along with LCS accounts/passwords, Harvard
> passwords, BU passwords, etc... all sniffed off 18.242.* from 12am-about

A few comments...

I'm not entirely clear on why linux-dev was included in this mailing.
I'll make some sort of linux-dev response in a sec. I should mention that
linux-dev is a publicly readable list, archived in discuss, available on
the web. While news of this particular incident needs to be broadcast,
everyone should be advised not to disclose any sensitive information
while linux-dev is included on the recipient list. As a personal
request, in the event that linux-dev is taken out of the loop, I'd like
to be kept informed as to what's going on. That out of the way...

Unfortunately, linux-dev no longer supports Slackware in any way shape
or form. When we introduced RedHat-Athena last year, we encouraged
people to upgrade and we told them Slackware was bad. The Slackware
security issue was briefly discussed at a meeting Monday. The decision was
basically a confirmation of the existing policy --- no help will be
given to Slackware users. It would be too much work to come up with some
equivalent of update.pl for Slackware.  There is surely documentation on
securing (Linux) machines out there on the net which will be just as
applicable to Athena-ized Slackware machines.

As a side note, we are working on a new release of RH-Athena which
we hope will be ready by the Activities Midway next week. This will
include all vendor patches made available to date. Mail will
be sent to linux-announce, urging users to upgrade. 

Taking off the linux-dev hat, I feel that it is important that
Next House residents are made aware of this. goblin has already notified
users of his machine that they should change their password but there
are doubtless others who have been compromised and not been notified.
Mail should be sent to Next House residents with some appropriately
dire warnings. I would be willing to draft/send this letter if needed.
(Or, I can provide the address to use to the person who will be writing
the letter.) I also think it might even be worth it to send mail to
netusers mentioning this problem.

And, on a semi-related note, I've personally never found escape to be
too helpful, but I haven't really dealt with them since 1995.

- --
Emil Sit / Bronx Science '95, MIT '99 -- ESG, SIPB, Athena Consulting
PGP KeyID: 0xE63561E9 / Fingerprint: A68FD0693EDABA19 2671EC1F22498F58

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBM/lcVyWuZ7zmNWHpAQHzDQIAzaVgwYEFai0u+M6gTL6DCpFAlIJ/SS8r
WBADDEtl3sDbL51x6BCbmpvbTSBfBVgDwVzQhR/J+Bmld1tEQtg4Rw==
=DbML
-----END PGP SIGNATURE-----
