Path: utzoo!utgpu!watmath!clyde!att!rutgers!mit-eddie!ll-xn!ames!pasteur!helios.ee.lbl.gov!ux1.lbl.gov!stoll
From: stoll@ux1.lbl.gov (Cliff Stoll)
Newsgroups: comp.protocols.tcp-ip
Subject: SOB exploiting FTP hole; gateways severed
Summary: someone is breaking into systems using the FTP hole
Keywords: network security
Message-ID: <1333@helios.ee.lbl.gov>
Date: 30 Nov 88 15:11:51 GMT
Sender: usenet@helios.ee.lbl.gov
Reply-To: cliff@cfa200.harvard.edu  (Cliff Stoll)
Organization: Harvard-Smithsonian Center for astrophysics
Lines: 15

I understand that several internet gateways have been severed
as of Tuesday evening, Nov. 29th.  The Network Operations
Center appaarently was ordered to do this as a result of
someone breaking into several computers, using the FTP hole
that was recently publicized.

Apparently, the bug has not been patched at everyone's site,
and so this bastard has been able to do mischief.  

I expect DCA will post an advisory on this soon.

Cliff Stoll
Harvard - Smithsonian Center for Astrophysics
617/491-6536    617/495-7147
Nov 30, 10AM