%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%                             The Federation &                              %%
%%              The Baud Baron>>>>>>>>>>>>>>>Presents::::::::::              %%
%%                       "Defense Data Network Blues"                        %%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Another Famous G-file by The Baud Baron
- - - - - - - - - - - - - - - A T T E N T I O N - - - - - - - - - - - - - - -
The following phile consists entirely of UNCUT, UNEDITED, TRUE downloads from
the National Defense Data Network. Names have been changed to protect the
innocent. I, Harry Hackalot, take FULL responsibility for contents of this file
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Well, as we log on to the National DDN (Defense Data Network) we pause to
notice some messages posted by our hero, "guy", in regard to the trial of a
couple of UCLA hackers who broke into the network a year ago........
(NOTE: Something went wrong with my terminal program's buffer, so I only got
last couple of lines of the first message. It is a list of all the sites
penetrated by the hackers. Crystal is the one the Wargames kid got into)
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

ps  The list of sites penetrated includes:

    nosc-cc        purdue     rand-relay    nrl-css/aic     bbn-unix
    mitre-bedord   cornell    nta-vax       uwisc/crystal   csnet-sh
    ucb-vax/ingres/calder/medea/cad         isi-vaxa/elvira/xorn
    sri-unix       ucla-ats/locus/cs/vax    su-shasta/diablo/navajo
pps As of 8/31/83, we have been logging all activity originating at UCLA, and
    going out thru FTP and TELNET. (ie, we 'bugged' ftp and telnet to record
    all bits going/coming) We therefore have a pretty good record of what the
    bandits were doing. (Yesterday I turned over 4000 (yes, thousand) pages of
    ftp/telnet logs to the DA) We have also been doing CSH command history
    logging. If you would like more gory details about activity relating to
    your site, please give me a call.
----------------------------------------------------
Date: 31 Oct 1983 11:02:45 PST
From: guy UCLA-LOCUS
Subject: Re: HACKER ROUNDUP - WITNESSES NEEDED
In-reply-to: Your message of 31 October 1983 10:29 EST.
Text:
I just got off the phone with ..........., the deputy DA prosecuting
the case. He says that since we have talked with all the folks we expect
to be using, there's no problem in telling all the site administrators what's
been going on. If any new evidence/sites turn up, we're interested, but it is
doubtful that it wld be used in this particular case.
Note especially that we're only filing charges against one of the two guys,
and if more info turns up on the second, that would be VERY useful. The two
key first names are 'ron' and 'kev', short for Ronald and Kevin. These guys
have a habit of changing their UNIX 'full name' to at least be their first
name, if not their last name as well. (they have been known to use a
fictitious surname on-line.) We're filing against Ronald, initially.
They were active at UCLA from August 1 through Sep 22, when they were served
search warrants, and their toys confiscated. One had a Commodore, the other
a TRS color computer. Both had cassettes, neither had floppies or printers.
Both had 300-baud modems. Both had UNIX manuals--one had a two volume set
from Bellsystem III; the other had the Yates book. One had also purchased
UCLA CSDept documents on using UNIX.
We know that a third person was involved, and that accesses to UCLA continued
briefly even after the equipment was confiscated. Other sites have also
noticed that some activity is still occurring.

richard

ps

I suspect that this note, with excerpts from the others, is what you want
to publish to the liaisons/administrator. Also note, that due to the wonder
of transparent gateways, ANY host accessible directly by ftp/telnet is a
potential victim. Not to mention anyone with a dial-in. Our bandits used
(fraudulently) both MCI-type long-distance dialing codes, as well as dial-out
facilities from various penetrated systems.
-------------END OF FORWARDED MESSAGE(S)-------------
-------------------------------------------------------------------------------
WOW! The kids broke in with a TRS-80 Color Computer and a Commodore!
Anyway, those super-intelligent TAC guys left a tutorial on how to log on to
the system..... This should help any hackers interested in hacking out their
own P/W's & logon accounts........... Here it is.......
-------------------------------------------------------------------------------
TACACS, the access control system for MILNET TAC's, requires you to
login before a connection to a host may be completed. The login process
is automatically started with the first open (o) command you issue.
There is also a new logout (l) command to logout. Otherwise, the
functioning of the TAC is essentially unaffected by the access control
system.
Here is a sample of the login dialog (the user input is underlined):

(a) PVC-TAC 111 #: 01                   This is the last line of the TAC
                                        herald, which the TAC uses to
                                        identify itself. When you see the
                                        herald, the TAC is ready for your
                                        command.

(b) o 26.2.0.8<RETURN>                  The user inputs the command to
    ------------------                  open a connection plus the
                                        internet address of the host to
                                        which he wishes to connect,
                                        followed by a Carriage Return.

(c) TAC Userid: SAMPLE.LOGIN<RETURN>    Here the TAC prompts the user for
                --------------------    his Userid. The user enters his
                                        ID exactly as shown on
                                        his TAC Access Card, followed by
                                        a Carriage Return.

(d) Access Code: 22bgx4467<RETURN>      Again the TAC prompts the user,
                 -----------------      who responds by entering his
                                        Access Code as shown on his TAC
                                        Access Card, followed by a
                                        Carriage Return.

(e) Login OK                            The TAC validates the ID/Access
    TCP trying...Open                   code and proceeds to open the
                                        requested connection.
HELPFUL INFORMATION:
When entering your TAC Userid and Access Code:
- A carriage return terminates each input line and causes the next
  prompt to appear.
- As you type in your TAC Userid and Access Code, it does not matter
  whether you enter an alphabetic character in upper or lower case.
  All lower case alphabetic characters echo as upper case for the
  Userid.
- The Access Code is not echoed in full-duplex mode. An effort is
  made to obscure the Access Code printed on hardcopy terminals in
  half-duplex mode.
- You may edit what you type in by using the backspace (Control-H)
  key to delete a single character.
- You may delete the entire line and restart by typing Control-U.
  A new prompt will appear.
- While entering either the TAC Userid or Access Code, you may type
  Control-C to abort the login process and return to the TAC command
  mode. You must interrupt or complete the login process in order to
  issue any TAC command.
IF YOU HAVE A PROBLEM WITH TAC LOGIN:
Should the login sequence fail (as indicated by the response "Bad
login"), examine your Access Card carefully to ensure that you are
entering the ID and Access Code correctly. Note that Access Codes never
contain a zero, a one, a "Q" or a "Z", since each of these characters
may be mistaken for another character. If you see what appears to be
one of these characters in your access code, it is really the letter "O"
(oh), or "G" (gee), the letter "L" (el), or the number "2" (two).
If you have followed all of the above steps as indicated, and if you
are sure you are entering your ID and Access Code correctly, and you
still cannot login, call the Network Information Center at (415)
859-3695 or (800) 235-3155 for help.
AFTER LOGGING IN:
Your TAC port will remain logged in as long as you have an open
connection. If you close the connection, you will have ten minutes in
which to reopen a connection without having to login again. If you do
not reopen a connection within ten minutes, the TAC will attempt to hang
up your port, and will automatically log you out.
WHEN YOU ARE FINISHED:
Always logout using the "l" command. Typing "r" has no effect on your
logged in status.
--------
If you now wish to login to the TAC, leave the TACNEWS program by
typing "quit" at the next prompt. This will return you to the TAC, and
you may then begin the login sequence with the "o" command to the TAC.
[15 Feb 1984]
---------------------------- End of Issue ----------------------------
Well, that's about it for this issue.... Maybe another file will be coming
soon, but who knows? Anyway, I'll show you how I (tried to) log off this very
advanced UNIX system. (Hah!)
TACnews> QUIT
Killed Job 27, User TACNEWS, Account QUERY, TTY 110, at 14-Sep-84 14:42:03
Used 0:0:02 in 0:06:51
Closed
Host closing connection  <--- NOTE from COUNT NIBBLE/SWPG: At this point,
LOGOFF                        Baud Baron was OFF THE UNIX SYSTEM! All his
Can't                         flailings (to the left here) are futile
BYE                           attempts to get off a Local Area Network.
Bad                           Anyone who knows anything knows that to get
LOGOFF                        off a LAN, you JUST HANG UP! Idiot!
OF Bad
goodbye
Bad
BYE
Bad
(I now take my phone off the hook and push the 1 button 10 times)
NO CARRIER
copyright 1984
Hackalot Publications
New York, New York headquarters.
Divisions in : Chicago
               Boston
               L..
               Denver
               Dallas
and of course, San Francisco.

///////////////////
//       T       //
//       H       //
//       E       //
//               //
//       E       //
//       N       //
//       D       //
///////////////////

THE BAUD BARON
CALL THESE FED SYSTEMS
THE TELEPHONE BOOTH-714-497-5999
/\/\ASTER \/\/ORLD--213-478-5478
THE AGENCY----------818-794-8916