Copy Link
Add to Bookmark
Report
CIAC A-12
DRAFT
________________________________________________________________________
THE COMPUTER INCIDENT ADVISORY CAPABILITY
CIAC
INFORMATION BULLETIN
________________________________________________________________________
DECNET Hacker Attack Alert
January 18, 1990, 1430 PST Number A-12
CIAC has recently been advised of a series of hacker attacks on DECnet
systems. Hackers are using a variety of techniques to break into systems,
including entering through system accounts (e.g., SYSTEM) or through
user accounts in which the account name and password are identical. Other
hackers are using more sophisticated techniques.
Once the hackers have broken into a system, they may cause a variety of
problems. They may become privileged users, and then leave executable
images. CIAC has also been advised that VMSMAIL_PROFILE.DATA may be
altered to cause mail sent to the system manager and other accounts to
be intercepted. (Since mail delivery may be compromised, it may not be
advisable for VMS system managers to alert users of these threats using
electronic mail.) In addition, they may modify RIGHTSLIST.DAT, causing
problems with Access Control Lists.
CIAC recommends that DECnet administrators increase monitoring activity.
It is important to check for default account passwords and user accounts
in which the user name is the same as the password. However, the more
sophisticated penetration methods may be difficult to detect. At a
minimum, you may want to ensure that all your privileged accounts are
authorized.
If you have questions, please contact CIAC:
Eugene Schultz (415) 422-8193 or (FTS) 532-8193
FAX: (415) 423-0913 or (FTS) 543-0913
CIAC's 24-hour emergency hot-line number is (415) 971-9384
or send e-mail to: ciac@tiger.llnl.gov
Neither the United States Government nor the University of California
nor any of their employees, makes any warranty, expressed or implied, or
assumes any legal liability or responsibility for the accuracy,
completeness, or usefulness of any information, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation, or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government nor the University of California, and shall not be used for
advertising or product endorsement purposes.
