1993-06-08 - CERT: the letter from CERT to berkeley.edu admin
Header Data
From: Eric Hughes <hughes@soda.berkeley.edu>
To: cypherpunks@toad.com
Message Hash: 41f4a4bd6bdec31f299f4d342e899486a5cb7c4f7b5da98d7fb470b687d83109
Message ID: <9306081620.AA07331@soda.berkeley.edu>
Reply To: N/A
UTC Datetime: 1993-06-08 16:24:11 UTC
Raw Date: Tue, 8 Jun 93 09:24:11 PDT
Raw message
From: Eric Hughes <hughes@soda.berkeley.edu>
Date: Tue, 8 Jun 93 09:24:11 PDT
To: cypherpunks@toad.com
Subject: CERT: the letter from CERT to berkeley.edu admin
Message-ID: <9306081620.AA07331@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain
Here, in its almost full glory, is the letter that CERT sent to the
admin at berkeley. I've removed the addressee, since there's no need
to involve that person. I have not, however, removed the name of the
sender.
Don't you just love that phrase "illegal trading of commercial
software"?
Eric
-----------------------------------------------------------------------------
To: <someone>@ucbvax.Berkeley.EDU
Subject: Possible abuse of anonymous FTP area on berkeley.edu host(s)
Organization: CERT Coordination Center
From: cert@cert.org
Date: Wed, 02 Jun 93 16:56:55 -0400
Hello <someone>,
I am a member of the CERT Coordination Center. CERT provides
technical assistance in response to computer security incidents.
Would you please forward this report to the appropriate system
administrator(s)?
We have been passed information that indicates that the anonymous FTP
archive on the following host(s) may be in use by intruders for
illegal trading of commercial software:
>>>>>>> soda.berkeley.edu /pub/cypherpunks
We have not confirmed this information, nor have we identified that
the anonymous FTP configuration on the above-listed host(s) is open
for abuse.
While anonymous FTP areas can be put to good use, the intruder
community makes use of them to illegally trade commercial software and
other information. Intruders often create "hidden" files or
directories in order to conceal their activity. On UNIX hosts,
directory and file names of a form such as "..." (dot dot dot), ".. "
(dot dot space space), or "..^G" (dot dot control-G) may be used.
In some cases, intruders have abused anonymous FTP areas to such an
extent that file storage has been exhausted and a system crash or
denial of service has resulted.
We would encourage you to check your anonymous FTP archive for any
such "hidden" files or directories by using the "ls -laR" command.
We would appreciate feedback on the name of any software packages
found at your site and the number of accesses to that software, if
that information is available from your logs. Please e-mail a summary
of this information to "cert@cert.org" before deleting any such files
and directories from your archive.
For your information, I have appended some suggestions for anonymous
FTP configuration.
Thanks for checking into this incident, and please don't hesitate to
contact us if we can be of any assistance.
Katherine T. Fithen
Technical Coordinator
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
Internet e-mail: cert@cert.org (monitored during business hours)
Telephone: 412-268-7090 (answers 24 hours a day)
Thread
Return to June 1993
- Return to “Al Billings <mimir@u.washington.edu>”
- Return to “Eric Hughes <hughes@soda.berkeley.edu>”
- Return to “Johan Helsingius <julf@penet.FI>”
Return to “Marc Horowitz <marc@GZA.COM>”
- 1993-06-08 (Tue, 8 Jun 93 09:24:11 PDT) - CERT: the letter from CERT to berkeley.edu admin - Eric Hughes <hughes@soda.berkeley.edu>
- 1993-06-08 (Tue, 8 Jun 93 10:05:32 PDT) - Re: CERT: the letter from CERT to berkeley.edu admin - Marc Horowitz <marc@GZA.COM>
- 1993-06-08 (Tue, 8 Jun 93 10:57:08 PDT) - Re: CERT: the letter from CERT to berkeley.edu admin - Al Billings <mimir@u.washington.edu>
- 1993-06-08 (Tue, 8 Jun 93 11:10:39 PDT) - Re: CERT: the letter from CERT to berkeley.edu admin - Johan Helsingius <julf@penet.FI>