
KERT Advisory



From: KERT Advisory <[email protected]>
Date: Fri, 4 Feb 94 21:14:40 EST
To: [email protected]
Subject: KERT Advisory - Ongoing Network Monitoring Attacks
Organization: Komputer Emergency Response Team : 714-731-0699

=============================================================================
KA-94:01                         KERT Advisory
                               February 4, 1994
                      Ongoing Network Monitoring Attacks
-----------------------------------------------------------------------------
                                   

In the past week, KERT has observed a dramatic increase in reports of
intruders wishing to monitor network traffic.  Systems of some service
providers have been compromised, and all systems that offer remote
access through normal channels are at risk.  The intruders have
already captured information from tens of thousands of users
outside the political boundaries of the United States.

The current attacks involve a network monitoring tool that uses the
promiscuous mode of a specific network interface, the telephone, to
capture host and user identities and data on newly established
telephone sessions.

In the short term, CERT recommends that all users at all sites that offer
remote access resist attempts by any persons or organizations to
install Trojan-horse devices which purport to "enhance" privacy but in
fact are designed to provide unauthorized access to sensitive information.

While the current attack is specific to /dev/Clipper, the short-term
workaround does not constitute a solution.  The best long-term
solution currently available for this attack is to reduce or eliminate
the transmission of user data in clear-text over the network, and to
reduce or eliminate the access of the intruders to the network
interface design and specification process.

-----------------------------------------------------------------------------