
Examples of Computer Intrusion at the Naval Surfac



Intrusion Tales

------------------------------------------------------------------------
JUN 96. Randy Kuddel, the reservist who helped us track down
the Novell servers, uses a Macintosh as his desktop platform. He
downloaded a program called serverscan 1.0.2 from the A.G Group
inc. This allowed his Macintosh to scan NSWCNET for
Macintoshes that are exporting information to guest. This is in
essence a world export. We found two cases of files with lists of
Social Security Numbers. We also found a large volume of
sensitive information including program milestones, meeting dates,
online travel claims, a real OPSEC buffet, all you care to
download. Please be careful when deciding what to world export.

JUN 96. I got a call from a user (and this guy has a clue) that
someone is accessing the guest account on his Windows NT
machine. This is happening to us all the time folks! If you are
running Windows NT you really need to:
+ enable auditing
+ read your logs from time to time
+ disable guest
+ maybe even change your default workgroup
Since we knock down most NetBIOS over TCP at the firewall router
you would *think* NT would be pretty safe. Folks, we are seeing a
lot of NT activity, both name service and file access. I think this is
primarily originating from a back door connection which I am
closing in on, but as soon as this one is taken care of three
more will probably crop up. We have one report (May 96) of an NT
system that had administrator taken away from them, so you
probably do want to be careful.

MAY 96. I saw an "rlogin" from an internet service provider
located in Maryland to a machine with a White Oak address. You
just have to wonder, do these guys trust everybody (+ in the
hosts.equiv) or do they just trust the internet service provider! I
su'ed to bin and did an rlogin to their machine, sure enough got in. I
can't believe this still works. Grabbed their password file and broke
two passwords, one within a minute (useriduserid was the
password). The good news is this wasn't actually one of our
machines, it was just operating on our net space. The moral of the
story is take a look at your hosts.equiv and make sure there isn't a
"+".

OCT 96. A contractor has been logging into systems on
NSWCNET from an Internet Service Provider. Just so happens that
service provider was hacked and a sniffer installed on their system.
The contractor's userid/passwd turned up on a
CERT/ASSIST/NAVCIRT report. Thus began the clean up ... turns
out the Unix system the contractor was logging into was reflexively
trusted at the root level by about 10 other Unix systems in this
department (long .rhosts lists replicated on all the systems is not a
recommended practice)... Today is NOV 22 and the cleanup is still
going on.
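
Added example (not part of the original text): a small auditor for the hosts.equiv and .rhosts trust files discussed in the MAY 96 and OCT 96 entries, flagging the "+" wildcard and other over-broad grants. The function name, the severity labels and the sample hosts are constructed for illustration, and treating "#" lines as comments is an assumption.

```python
from typing import List, Tuple

Finding = Tuple[int, str, str]  # (line number, severity, reason)

# Constructed sample input, not taken from any real system.
SAMPLE_HOSTS_EQUIV = """\
# constructed sample
trusted1.example.mil
+
build.example.mil +
-badhost.example.mil
isp.example.net contractor
"""

def audit_trust_file(text: str, is_hosts_equiv: bool = True) -> List[Finding]:
    """Flag wildcard or over-broad grants in hosts.equiv / .rhosts content."""
    findings: List[Finding] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Assumption: blank lines and lines starting with '#' carry no grant.
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if host.startswith("-"):
            continue  # explicit deny entry, not a grant
        if host == "+":
            if user == "+":
                who = "any user"
            elif user is None:
                who = "same-named users"
            else:
                who = f"user {user}"
            findings.append((lineno, "critical", f"'+' host: {who} trusted from every host"))
        elif user == "+":
            findings.append((lineno, "high", f"any user on {host} is trusted"))
        elif user and not user.startswith("-") and is_hosts_equiv:
            # In hosts.equiv a named remote user can act as any non-root local user.
            findings.append((lineno, "high", f"{user}@{host} may log in as any non-root local user"))
        elif host.startswith("+@"):
            findings.append((lineno, "review", f"netgroup {host[2:]} trusted; check its membership"))
    return findings

if __name__ == "__main__":
    for lineno, severity, reason in audit_trust_file(SAMPLE_HOSTS_EQUIV):
        print(f"line {lineno}: [{severity}] {reason}")
```

Pass is_hosts_equiv=False when checking a user's .rhosts, where a "host user" pair grants access only to that file's owner.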
 
To the best of our knowledge, the text on this page may be freely reproduced and distributed.