RE: [5550] Re: Router Access Attempt

John Snell (geigudr@cs.washington.edu)
Wed, 15 Jul 1998 21:33:43 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Stefan Savage: "RE: [5550] Re: Router Access Attempt"
Previous message: Stefan Savage: "RE: [5550] Re: Router Access Attempt"
In reply to: Stefan Savage: "RE: [5550] Re: Router Access Attempt"
Next in thread: Stefan Savage: "RE: [5550] Re: Router Access Attempt"

You know, this statement makes no claims about the legality of our sending
packets to their routers. We are in fact a major research university,
with heavy DARPA funding, and a have valid excuse to be sending packets to
them.

I think a firm, polite statement, of "tough" is in order. Unless someone
thinks that they actually have some legal ground to be standing upon, we
should have no real problems with them.

> > MCI Data Systems Security kindly requests that you do not make
> attempts to
> > access any of our routers. If you need some assistance for a problem
> or issue

On Wed, 15 Jul 1998, Stefan Savage wrote:

> Date: Wed, 15 Jul 1998 21:19:20 -0700
> From: Stefan Savage <savage@cs.washington.edu>
> To: 'David Becker' <becker@major.cs.washington.edu>, syn@cs.washington.edu
> Subject: RE: [5550] Re: Router Access Attempt
>
> Ooops... well, I guess we'll have to stick to end-to-end measurements
> ;-)
>
> - Stefan
>
> > -----Original Message-----
> > From: David Becker [SMTP:becker@major.cs.washington.edu]
> > Sent: Wednesday, July 15, 1998 8:20 PM
> > To: syn@cs.washington.edu
> > Subject: [5550] Re: Router Access Attempt
> >
> >
> > To keep everyone informed, MCI complained to C&C about a test I ran
> > today.
> > I checked one of their interior routers,
> > core5.WillowSprings.mci.net(204.70.4.97)
> > to see if any useful tcp ports connected.
> >
> > The idea is to measure asymetric per-hop drop rates using the state
> > that any TCP
> > connection must maintain. Most interior routers will respond to
> > telnet
> > and/or finger connections and thats all we need for the measurement
> > (in theory).
> >
> > I will have to check my command history tomorrow to see precisely how
> > I
> > triggered MCIs security machinery.
> >
> >
> > ------- Forwarded Message
> >
> > Date: Wed, 15 Jul 1998 18:04:53 -0700 (PDT)
> > From: Linda Wright <lwright@cac.washington.edu>
> > To: security@mci.net, yenbut@cs.washington.edu
> > cc: noc@cac.washington.edu, aboone@Tymnet.COM, info@u.washington.edu
> > Subject: [5550] Re: Router Access Attempt
> > In-Reply-To: <9807160041.AA29703@january.Tymnet.COM>
> > Message-ID:
> > <Pine.ULT.3.95.980715180257.11050G-100000@shiva2.cac.washington.edu>
> > MIME-Version: 1.0
> > Content-Type: TEXT/PLAIN; charset=US-ASCII
> > X-UIDL: b638be74afcad0445706f9ae3d57fcd8
> >
> > Thank you for your report. We have copied the domain
> > administrator for CS.WASHINGTON.EDU on this email and
> > they will be responsible for following up with you.
> >
> > wakko.cs.washington.edu:
> > Internet address = 128.95.2.48
> > Mail exchanger = june.cs.washington.edu, preference 10
> > = trout.cs.washington.edu, preference 20
> >
> > - -Linda Wright
> > University of Washington
> > Network Operations Center
> > 206.543.5128
> >
> > On Wed, 15 Jul 1998 security@mci.net wrote:
> >
> > >
> > > MCI TELECOMMUNICATIONS CORP.
> > > DATA SYSTEMS SECURITY
> > >
> > >
> > >
> > >
> > > TO: University of Washington
> > > FROM: Data Systems Security (Anita Boone)
> > > SUBJECT: Router Access Attempt
> > > DATE: July 15, 1998
> > >
> > ======================================================================
> > ========
> > >
> > > MCI Data Systems Security kindly requests that you do not make
> > attempts to
> > > access any of our routers. If you need some assistance for a problem
> > or issue
> > > that regards MCI, you can contact our Internet support at
> > 1-800/977-4662,
> > > or send e-mail to trouble@mci.net.
> > > Thank-You.
> > >
> > >
> > > Router core5.WillowSprings.mci.net -Rsh connection attempt from
> > 128.95.2.48
> > > (2 times / 1 mins) Up-to-minute total count for 128.95.2.48 is 2
> > > =====================
> > > ERROR Message: Jul 15 19:35:44 core5.WillowSprings.mci.net 13402:
> > Jul 15
> > > 19:36:02.495 EDT: Attempted to connect to
> > core5.WillowSprings.mci.net
> > > from 128.95.2.48
> > >
> > > Where time is EDT.
> > >
> > >
> > ======================================================================
> > ========
> > > data-systems-security@mci.com | Internet: security@mci.net
> > > Voice: (408) 922-6004 | Fax: (408) 922-8870
> > > http://ird.security.mci.net
> > > Toll Free: (888) 860-3382
> > >
>

_____________________________________________________________________________
"The human mind is a 400,000-year-old legacy application...and you expected
to find structured programming?" -- Randall Davis, 1996 AAAI Pres. Address

Next message: Stefan Savage: "RE: [5550] Re: Router Access Attempt"
Previous message: Stefan Savage: "RE: [5550] Re: Router Access Attempt"
In reply to: Stefan Savage: "RE: [5550] Re: Router Access Attempt"
Next in thread: Stefan Savage: "RE: [5550] Re: Router Access Attempt"