Most frequent incidents on the UW network
Many incidents involve more than one of these problems, often with
more than one account.
- Reconnaissance scans of the entire
washington.edu domain looking for systems to
- Buffer overrun attacks on services like imapd,
rpc.mountd, rpc.cmsd, named, etc.
- Exploitation of open accounts (e.g., tutor, demo,
guest on Silicon Graphics IRIX systems)
- Packet sniffing on departmental subnets
- "Trojan Horse" attacks
- Shared and/or stolen accounts on UCS computers
- "Socially engineered" passwords obtained by IRC users
- Boyfriend abuses girlfriend's account (and her trust)
- Accounts created with stolen information
- Passwords "sniffed" off network
- IRC bots used to flood/take over channels (results in abuse reports)
- Denial of service attacks using ping, packet flooders, etc.
- Use of BackOrifice against Windows PC users
- Appropriated ftp servers for "warez" sites
- Forged email to harass/threaten/pull a prank on someone
- Saved passwords on PCs used to access Internet (e.g., WS-FTP);
owner is the one who gets "caught"
- X server keystroke monitoring
- Case Studies
Dave Dittrich <firstname.lastname@example.org>
Last modified: Sat Apr 15 12:00:50 PDT 2000