End of The Day
Copyright (c), 1996, Management Analytics - All Rights Reserved
By the end of the day, the picture was becoming far clearer.
Overall, the incident had involved:
- A break-in at a community college in Pennsylvania where the
attacker attained root access and rigged the University computer to
automatically telnet to our site every 5 minutes. The account was
found and terminated, and further investigation is underway.
- A port scan followed by a series of scores of attempts to telnet
into our site for over an hour from a University site in Arizona. The
perpetrator has now been found and is being subjected to administrative
action at the school.
- Several IP spoofing attempts that we are tracing down to the
specific dial-in accounts used to launch the attacks.
- An intentional insider corruption of a Web page designed to turn
innocent browsers into launchpads for their attack. We tracked this
- A Web site which is misleading people into telnetting into our
site under the pretense of getting a letter from a self-proclaimed
computer security expert. We tracked this person down.
- What appeared to be a systems administrator at a prominent
university who did a port scan followed by numerous telnets. It now
looks like this person may not have been authorized by the university to
do any of this and it has been raised to another level in the
- Someone who apparently broke into another major university's system
and launched port scanning attacks as root.
The total number of attempted entries came to just about 1800.
Of these, 1500 were the result of the malicious Web page, several
hundred were the result of about ten people using spoofed IP addresses,
and the remaining 10-20 were the result of people pressing misleading
buttons at Web sites.