The 'Security Digest' Archives (TM)

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #315 [Mailbridges down] (1 message, 919 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/315.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: Gene Spafford <spaf>
To: phage
Date: Thu 16:49:20 01/12/1988 EST
Subject: Mailbridges down

Okay.  Here's the latest I've been able to ascertain from calling
people and from mail people have sent (asking that I not
forward the mail, but allowing me to summarize):

1) Somebody was using the FTP bug to break into systems on MILNET.

2) Specifically, somebody broke into a Mitre machine running Ultrix 1.1
that had not been fixed of the FTP bug.

3) The mailbridges were yanked in what is being seen as a massive
overreaction.

4) To compound things, everyone in a position to know the true nature
of what has been happening is either permanently unavailable, has
stonewalled questions, or (in some cases) issued outright lies about
what has been going on.

5) The mailbridges are rumored to be coming back tonight, but no one
knows for sure.

6) The mailbridges were turned back on yesterday from about 1500 to 1800 EST,
but then yanked again.

7) There appears to be no truth to the rumor that a mutated version of
the "Morris" Worm was released on the Milnet side.

8) Folks at BRL do have both a reverse-engineered, restartable version of
the worm, and they do have a shell-script test suite that checks to see
if known network holes have been plugged.  They do not have a "super worm"
that has escaped.

9) Lots of people seem to be getting upset about uptight admins at DCA.

Anybody got anything more definitive?

--spaf

END OF DOCUMENT