Great Circle Associates Firewalls
(February 1994)


Subject: Break-in
From: mark @ cyantic . com (Mark T. Dornfeld)
Date: Wed, 23 Feb 1994 17:59:28 -0500
To: Firewalls @ greatcircle . com

Recently, a password-less demo account was accessed by someone who had no
intention of testing the demo, but rather in messing about with the system.
The access was directly through a modem to a native serial port on an SCO
UNIX box.

The infiltrator erased the .profile, set up a password for him/herself, and
left a .plan file that was the following:


(Tm)Trademark 1993,1994 RaDD(Tm)Trademark 1993,1994 TvmS All Rights
Reserved Tvms/RaDD Corp -Security SuCks Big One Wiz KID'94 -

Well, I don't think any malicious damage was done, but I do have a record
of most of the commands that were run and mostly the breaker was running
"nohup mail" and getting listings of the file system.

While this doesn't have a lot to do with firewalls, I'm looking for any
relevant comments, and also posting the experience for the benefit of
others who may find it useful.

Mark T. Dornfeld, CYANTIC Systems             Voice: (416) 234-9048
101 Subway Crescent Suite 2103                Facsimile: (416) 234-0477
Etobicoke, Ontario, M9B 6K4 CANADA            Email: mark @
 cyantic .
