[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CERT: the letter from CERT to berkeley.edu admin

To: [email protected]
Subject: CERT: the letter from CERT to berkeley.edu admin
From: Eric Hughes <[email protected]>
Date: Tue, 8 Jun 93 09:20:31 -0700

Here, in its almost full glory, is the letter that CERT sent to the
admin at berkeley.  I've removed the addressee, since there's no need
to involve that person.  I have not, however, removed the name of the
sender.

Don't you just love that phrase "illegal trading of commercial
software"?

Eric
-----------------------------------------------------------------------------

	To: <someone>@ucbvax.Berkeley.EDU
	Subject: Possible abuse of anonymous FTP area on berkeley.edu host(s)
	Organization: CERT Coordination Center
	From: [email protected]
	Date: Wed, 02 Jun 93 16:56:55 -0400


	Hello <someone>,

	I am a member of the CERT Coordination Center.  CERT provides
	technical assistance in response to computer security incidents.

	Would you please forward this report to the appropriate system
	administrator(s)?  

	We have been passed information that indicates that the anonymous FTP
	archive on the following host(s) may be in use by intruders for
	illegal trading of commercial software:

>>>>>>>	 soda.berkeley.edu				/pub/cypherpunks

	We have not confirmed this information, nor have we identified that
	the anonymous FTP configuration on the above-listed host(s) is open
	for abuse.  

	While anonymous FTP areas can be put to good use, the intruder
	community makes use of them to illegally trade commercial software and
	other information.  Intruders often create "hidden" files or
	directories in order to conceal their activity.  On UNIX hosts,
	directory and file names of a form such as "..." (dot dot dot), "..  "
	(dot dot space space), or "..^G" (dot dot control-G) may be used.

	In some cases, intruders have abused anonymous FTP areas to such an
	extent that file storage has been exhausted and a system crash or
	denial of service has resulted.  

	We would encourage you to check your anonymous FTP archive for any
	such "hidden" files or directories by using the "ls -laR" command.


	We would appreciate feedback on the name of any software packages
	found at your site and the number of accesses to that software, if
	that information is available from your logs.  Please e-mail a summary
	of this information to "[email protected]" before deleting any such files
	and directories from your archive.

	For your information, I have appended some suggestions for anonymous
	FTP configuration.

	Thanks for checking into this incident, and please don't hesitate to
	contact us if we can be of any assistance.


	Katherine T. Fithen
	Technical Coordinator
	CERT Coordination Center
	Software Engineering Institute
	Carnegie Mellon University
	Pittsburgh, PA  15213-3890

	Internet e-mail:  [email protected] (monitored during business hours)
	Telephone:  412-268-7090 (answers 24 hours a day)

Follow-Ups:
- Re: CERT: the letter from CERT to berkeley.edu admin
  - From: Marc Horowitz <[email protected]>
- Re: CERT: the letter from CERT to berkeley.edu admin
  - From: Al Billings <[email protected]>
- Re: CERT: the letter from CERT to berkeley.edu admin
  - From: Johan Helsingius <[email protected]>

Prev by Date: re: Getting on CERT's "Most Dangerous" List
Next by Date: Getting on CERT's "Most Dangerous" List
Prev by thread: Getting on CERT's "Most Dangerous" List
Next by thread: Re: CERT: the letter from CERT to berkeley.edu admin
Index(es):
- Date
- Thread