Firewalls: Re: CERT and Firewalls BOFs

Firewalls
(September 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: CERT and Firewalls BOFs
From:	Scott Barman <scott @ Disclosure . COM>
Date:	Fri, 29 Sep 1995 10:44:55 -0400 (EDT)
To:	Brent Chapman <Brent @ GreatCircle . COM>
Cc:	rik @ spirit . com, Firewalls @ greatcircle . com
In-reply-to:	<v02130541ac909ffe9e6b @ [198 . 102 . 244 . 40]>

On Thu, 28 Sep 1995, Brent Chapman wrote:

> At 5:45 PM 9/26/95, Rik Farrow wrote:
> >====
> >Firewalls BOF, 1833, 21 Sept, 1995
> >
> >Ranum asks "Does Lehman have Flowtrans?"  What scares Ranum is that the
> >Internet is often behind the firewall.  Private connections, connections
> >to other organizations which are connected to the Internet.  The Plan 9
> >guys, the Athena guys, have it right.  Put security at the presentation
> >device.
> 
> Marcus was asking about "Quotron", a service which provides real-time stock
> and commodities price data to Wall Street firms.  One of their delivery
> methods (they have several, as I understand it) is a dedicated TCP/IP
> leased line from their net to yours.  Most Wall Street firms have a link to
> Quotron; therefore, Quotron is a possible vector for attack.

Just a clarification:

I used to be a consultant on Wall Street (a number of years ago) and
know a *little* about the Quotron system.  Their system is set up to
handle their feed and their feed only.  I think they use serveral (or
was it one) ports over TCP/IP that runs each "service" they provide
(news, ticker, etc.).  The only other service they provide is email
service for things like clippings, etc.

Now I know the main R&D guy over there was a real big fan of System V
and has been (at least) since the days of SVR2.  If that's still the
case (if he's still there), I don't know if they are using sendmail or
the upas-like mailer that comes with System V out of the box, so I
don't know if that's a vulnerability.

I do remember one item about them, when I was at some company helping
them setup their Quotron feed (I think this was 1988... or was it 1991),
I remember writing a simple program to just scan every open port on
their system to see what happened.  Most were closed.  I did get things
like echo and chargen to respond, but others like telnet, ftp, portmap, 
etc. didn't respond.  Then they called us up and yelled for this (I
aparently tickled something on their system they didn't like).  A few
weeks later, my scanner program didn't work as well.

At least in the late 80s/early 90s Quotron was concerned with security.
I wonder how they are doing today?

scott barman
--
scott barman                  DISCLAIMER: I speak to anyone who will listen,
scott @
 disclosure .
 com                      and I speak only for myself.
barman @
 ix .
 netcom .
 com
  "Micro$oft and Windoze/NT will be the cause of the de-evolution of
   network security just as the original PC and BASIC was the cause of
   the de-evolution of programming."

References:

Re: CERT and Firewalls BOFs
From: Brent @ GreatCircle . COM (Brent Chapman)

Indexed By Date	Previous:	Re: Network Address Translation From: janken @ rust . net (Kenneth J. Stephens)
Indexed By Date	Next:	Book recommendations -Reply From: "Robert E. Bowes" <REBowes @ smtpgate . read . tasc . com>
Indexed By Thread	Previous:	Re: CERT and Firewalls BOFs From: Brent @ GreatCircle . COM (Brent Chapman)
Indexed By Thread	Next:	Re: CERT and Firewalls BOFs From: mokbelsa @ jasper . mcclellan . af . mil