The Tech - Online Edition
MIT's oldest and largest newspaper & the first newspaper published on the web

IS Discovers Packet Sniffer in Building 20

By Ifung Lu
Associate News Editor

Information Systems recently discovered that passwords had been compromised as a result of a security breach in the Building 20 computer subnetwork, according to Gregory A. Jackson '70, director of academic computing.

An unknown intruder had gained access to a private workstation and placed a "packet sniffing" program on it sometime last fall, Jackson said. But it is not clear how long the sniffer was in place or how many passwords were captured, he said.

Jackson said he is not sure how the intruder gained access to the workstation, but it "almost certainly involves inadequate security on the part of the workstation manager."

Sniffing for passwords on the network is a violation of the general principles of responsible use, according to Jeffrey I. Schiller '79, manager of the campus network.

In addition, federal laws protect the privacy of users of wire and electronic communications, Jackson said. "Individuals who access electronic files or intercept network communications at MIT or elsewhere without appropriate authorization violate Institute policy and may be subject to criminal penalties," he said.

Problem not unique to MIT

This particular incident is only one of several that have been detected on the MIT network. But sniffers are common in many places, Schiller said. "I expect that just about every open network in a medium-to-large institution has sniffers on it," he said.

Schiller believes that the increasing incidence of electronic crime may be due to the rapid growth of the Internet. "The 'criminals' are getting better tools like sniffers and there are numerically more of them. As more people start to use the network, more bad guys show up," Schiller said.

Sniffer programs display the contents of all packets passing through a particular network, regardless of whether they are intended for that computer. Although sniffer programs have legitimate uses as diagnostic tools, they can be employed for malicious activity as well, according to Gregory B. Hudson '96, chairman of the Student Information Processing Board.

"What most people sniff for are passwords," Hudson said.

Once an intruder has compromised one account, he can use it to access copyrighted software, impersonate the owner of the account, or compromise other accounts, according to Hudson.

Protect your passwords

Users who believe their passwords have been compromised are urged to change their password immediately using a secure password changer, Jackson said. "Whoever knows your username and password is you, in network terms," he said.

Generally, students who access only Athena from public workstations are safe from sniffers because of Kerberos authentication and encryption, Hudson said. But users who access other computer systems via a non-Kerberized telnet leave themselves open to sniffing.

Users who must send their password over the network in unencrypted form should change their passwords immediately afterwards using a secure password changer, Jackson said.

"Never, never give your password to anyone," Jackson said. "Think before sending your identity across the network, or using software from strangers, or otherwise giving people a chance to become you."