Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!nrl-cmf!ames!pasteur!helios.ee.lbl.gov!nosc!logicon.arpa!Makey
From: Makey@LOGICON.ARPA (Jeff Makey)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: SOB exploiting FTP hole; gateways severed
Keywords: network security
Message-ID: <214@logicon.arpa>
Date: 30 Nov 88 19:04:47 GMT
References: <1333@helios.ee.lbl.gov>
Organization: Logicon, Inc., San Diego, CA
Lines: 27

In article <1333@helios.ee.lbl.gov> cliff@cfa200.harvard.edu  (Cliff Stoll) writes:
>I understand that several internet gateways have been severed
>as of Tuesday evening, Nov. 29th.  The Network Operations
>Center apparently was ordered to do this as a result of
>someone breaking into several computers, using the FTP hole
>that was recently publicized.

Thanks for the info, Cliff.  I had noticed the effect (MILNET <-->
ARPANET gateways not sending packets through), but I didn't know the
reason.

Aren't the MILNET <--> ARPANET gateways supposed to be able to
restrict traffic based on higher-layer protocols?  Or is that feature
no longer supported?  I remember that when the ARPANET/MILNET split
took place back in '83/'84 the gateways were supposed to be mail
bridges only, so they had the ability to pass only SMTP packets
between certain hosts (see DDN Management Bulletin 20, dated 6 March
1984).

If this feature is still in place, can't it be used to restrict only
FTP traffic and allow the mail to go through?

                           :: Jeff Makey

Department of Tautological Pleonasms and Superfluous Redundancies Department
    Disclaimer: Logicon doesn't even know we're running news.
    Internet: Makey@LOGICON.ARPA    UUCP: {nosc,ucsd}!logicon.arpa!Makey