>I do know FOR A FACT that a sniffer program was installed on a machine
>attached to the BARRnet backbone and did sniff a huge number of
>passwords.

Just so people don't think BARRNet was the only organization burnt by
this, let me assure you they weren't. There was a rash of break-ins a
while back (a year or so ago?) in which several very large ISPs in the
US (and likely elsewhere) were compromised, not just once but several
times. There is a reason the major backbone providers have a *severe*
allergic reaction to putting any type of general purpose host on the
MAEs or NAPs (the RA machines are, as I understand it, on their own
ethernet leg off the NAPs).

One interesting aspect of this was some ISPs told their customers that
their passwords had a very high probability of being compromised, but
the ISPs couldn't be positive: after a few attacks where the sniffers
kept the passwords in plaintext on disk, the sniffers evolved to
encrypt the collected password files so the ISP, when they did
discover their backbone was being sniffed, had no idea which of their
customers were compromised.

Of course, some ISPs didn't tell their customers, so the fact that
people know BARRNet had been compromised can be seen to speak very
highly of the integrity of BARRNet's personnel...

Regards,
-drc

P.S. I believe the NSFNet routers were general purpose Unix machines
(IBM RS6000s) with high speed serial interfaces.