Path: utzoo!utgpu!watmath!clyde!att!rutgers!mit-eddie!ll-xn!ames!pasteur!helios.ee.lbl.gov!ux1.lbl.gov!stoll From: stoll@ux1.lbl.gov (Cliff Stoll) Newsgroups: comp.protocols.tcp-ip Subject: SOB exploiting FTP hole; gateways severed Summary: someone is breaking into systems using the FTP hole Keywords: network security Message-ID: <1333@helios.ee.lbl.gov> Date: 30 Nov 88 15:11:51 GMT Sender: usenet@helios.ee.lbl.gov Reply-To: cliff@cfa200.harvard.edu (Cliff Stoll) Organization: Harvard-Smithsonian Center for astrophysics Lines: 15 I understand that several internet gateways have been severed as of Tuesday evening, Nov. 29th. The Network Operations Center appaarently was ordered to do this as a result of someone breaking into several computers, using the FTP hole that was recently publicized. Apparently, the bug has not been patched at everyone's site, and so this bastard has been able to do mischief. I expect DCA will post an advisory on this soon. Cliff Stoll Harvard - Smithsonian Center for Astrophysics 617/491-6536 617/495-7147 Nov 30, 10AM