Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!nrl-cmf!ames!pasteur!helios.ee.lbl.gov!nosc!logicon.arpa!Makey From: Makey@LOGICON.ARPA (Jeff Makey) Newsgroups: comp.protocols.tcp-ip Subject: Re: SOB exploiting FTP hole; gateways severed Keywords: network security Message-ID: <214@logicon.arpa> Date: 30 Nov 88 19:04:47 GMT References: <1333@helios.ee.lbl.gov> Organization: Logicon, Inc., San Diego, CA Lines: 27 In article <1333@helios.ee.lbl.gov> cliff@cfa200.harvard.edu (Cliff Stoll) writes: >I understand that several internet gateways have been severed >as of Tuesday evening, Nov. 29th. The Network Operations >Center appaarently was ordered to do this as a result of >someone breaking into several computers, using the FTP hole >that was recently publicized. Thanks for the info, Cliff. I had noticed the effect (MILNET <--> ARPANET gateways not sending packets through), but I didn't know the reason. Aren't the MILNET <--> ARPANET gateways supposed to be able to restrict traffic based on higher-layer protocols? Or is that feature no longer supported? I remember that when the ARPANET/MILNET split took place back in '83/'84 the gateways were supposed to be mail bridges only, so they had the ability to pass only SMTP packets between certain hosts (see DDN Management Bulletin 20, dated 6 March 1984). If this feature is still in place, can't it be used to restrict only FTP traffic and allow the mail to go through? :: Jeff Makey Department of Tautological Pleonasms and Superfluous Redundancies Department Disclaimer: Logicon doesn't even know we're running news. Internet: Makey@LOGICON.ARPA UUCP: {nosc,ucsd}!logicon.arpa!Makey