Most frequent incidents on the UW network

• Reconnaisance scans of the entire washington.edu domain looking for systems to target
• Buffer overrun attacks on services like imapd, rpc.mountd, rpc.cmsd, named, etc.
• Exploitation of open accounts (e.g., tutor, demo, guest on Silicon Graphics IRIX systems)
• Packet sniffing on departmental subnets
• "Trojan Horse" attacks
• Shared and/or stolen accounts on UCS computers
  • "Socially engineered" passwords obtained by IRC users
  • Boyfriend abuses girlfriend's account (and her trust)
  • Accounts created with stolen information
  • Passwords "sniffed" off network
• IRC bots used to flood/take-over channels (results in abuse reports)
• Denial of service attacks using ping, packet flooders, etc.
• Use of BackOrifice against Windows PC users
• Appropriated ftp servers for "warez" sites
• Forged email to harrass/threaten/pull a prank on someone
• Saved passwords on PCs used to access Internet (e.g., WS-FTP); owner is the one who gets "caught"
• X server keystroke monitoring

• Case Studies

[Next] | [Prev] | [Top]