The Tech - Online Edition: MIT's oldest and largest newspaper & the first newspaper published on the web

IS Network Report

IS Network Security Team

In April 2003, the Network Security Team opened 139 new cases. Of these, 18 were Windows FTP vulnerabilities, 33 were SAMBA vulnerabilities, and 22 were port scanning for other vulnerable machines. A number of these turned into fully compromised machines.

We selected a number of Network Security cases with activity from the week of April 27 to May 3 that illustrate the type of destructive security violations that occur on MIT’s campus. Identifying information has been removed to protect those whose machines were violated.

4/16: Windows system compromised in Building W35

Intruder installed “LQ-dIsTrO” software to share files and break into other machines. Machine was sharing a number of copyrighted movies. Resolution: Machine was replaced with a new machine. Downtime: 14 days.

4/28: Windows machine in Building 66 lab running port scans

Intruder used machine to probe and attempt break-ins into other Internet sites. Machine was in use for student academic work. Resolution: Hard drive reformat and reinstall (F&R). Downtime: 2 days.

4/29: Windows machine compromised in Building 16

Intruder installed "Not Loged in" software to share files and break into other machines. Resolution: F&R. Downtime: 2 days.

4/29: Windows system compromised in NE49

Intruder installed "Hack by Xtr3m" software to share files and break into other machines. Resolution: F&R. Downtime: 6 days.

4/29: Windows system compromised in Building 56

Intruder installed "bcgcb59" software to share files and break into other machines. Resolution: F&R. Downtime: 1 day.

4/29: Windows system in Building 13 compromised

Intruder installed "Hacked Stro" software to share files and break into other machines. Resolution: F&R. Downtime: 3 days.

4/30: Windows system connected by DHCP compromised in Building 66

Intruder used machine to run port scans of other Internet sites. Machine was compromised earlier this year, resolved with an F&R. User has not contacted Network Security to restore network service.

4/30: Windows machine compromised in Edgerton House

Intruder installed "Not Loged in" software to share files and break into other machines. Resolution: F&R. Downtime: 3 days.

4/30: Windows system compromised in Baker House

Intruder installed DarKBoArDeR software to share files, break into other machines, and run an IRC server. Another university reported the machine for running a disruptive IRC server. Resolution: F&R. Downtime: 5 days.

5/1: Machine compromised and flooded Eastgate network

Intruder used machine to probe and attempt break-ins into other Internet sites. Drop was turned off in one building. Compromised machine was reconnected to alternate drop, resulting in another drop being turned off and all network connectivity to the machine being disabled. Machine is still off the network until full reformat and reinstall is done.

5/3: Windows system compromised in Building 33

Intruder used machine to run port scans of European Internet sites. Resolution: F&R. Downtime: 2 days.