1994-02-05 - KERT Advisory

Header Data

From: nobody@shell.portal.com
To: cypherpunks@toad.com
Message Hash: f8070d03ba9da9c5f502ce9a253a5fdf5a04bed90c5b2f75d0f2c691aa56281b
Message ID: <199402050251.SAA12755@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1994-02-05 02:55:19 UTC
Raw Date: Fri, 4 Feb 94 18:55:19 PST

Raw message

From: nobody@shell.portal.com
Date: Fri, 4 Feb 94 18:55:19 PST
To: cypherpunks@toad.com
Subject: KERT Advisory
Message-ID: <199402050251.SAA12755@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain

From: KERT Advisory <kert-advisory-request@kremvax.su>
Date: Fri, 4 Feb 94 21:14:40 EST
To: kert-advisory@kremvax.su
Subject: KERT Advisory - Ongoing Network Monitoring Attacks
Organization: Komputer Emergency Response Team : 714-731-0699

KA-94:01                         KERT Advisory
                               February 4, 1994
                      Ongoing Network Monitoring Attacks

In the past week, KERT has observed a dramatic increase in reports of
intruders wishing to monitor network traffic.  Systems of some service
providers have been compromised, and all systems that offer remote
access through normal channels are at risk.  The intruders have
already captured information from tens of thousands of users
outside the political boundaries of the United States.

The current attacks involve a network monitoring tool that uses the
promiscuous mode of a specific network interface, the telephone, to
capture host and user identities and data on newly established
telephone sessions.

In the short term, CERT recommends that all users at all sites that offer
remote access resist attempts by any persons or organizations to
install Trojan-horse devices which purport to "enhance" privacy but in
fact are designed to provide unauthorized access to sensitive information.

While the current attack is specific to /dev/Clipper, the short-term
workaround does not constitute a solution.  The best long-term
solution currently available for this attack is to reduce or eliminate
the transmission of user data in clear-text over the network, and to
reduce or eliminate the access of the intruders to the network
interface design and specification process.