Hi all -

Is this kind of security information important for you to receive?

Bill Romond

-----Original Message-----
From: [log in to unmask] [mailto:[log in to unmask]]
Sent: Thursday, December 14, 2000 11:03 AM
To: [log in to unmask]
Subject: [Ansir] ANSIR E-Mail (NIPC Assessment 00-62) 12/14/00



ANSIR E-MAIL:  National Infrastructure Protection Center (NIPC) "Anonymous
File Transfer Protocol (FTP) Login exploitation" (NIPC Assessment 00-62)

Recent Cyber Intrusion:

The FBI has become aware that a regional entity in the electric power
industry has recently experienced computer intrusions through the Anonymous
FTP (File Transfer Protocol) Login exploitation. The intruders used the
hacked FTP site to store and play interactive games that consumed 95
percent of the organization's Internet bandwidth. The compromised bandwidth
threatened the regional entity's ability to conduct bulk power
transactions. The intruders apparently have created an automated exploit
that finds a system offering FTP services and an anonymous login, and then
examines the entire system tree structure looking for any directory with
write privileges.

Anonymous FTP Login Exploit Countermeasures:

The Anonymous FTP, where the FTP server allows global user access without
requiring a specific name and password, is often used by hackers as a means
to exploit other vulnerabilities. System Administrators are advised to
check their networks for FTP access, especially for illicit FTP servers
that can provide a back-door into the LAN (Local-Area-Network). Since this
is a configuration issue, patches are not applicable. If Anonymous FTP
access is needed at the site, limit the permissions of anonymous users to
access other directories, and allow access only to the directories to which
you want them to write. Anonymous users should not have permission to write
to other directories or to read the directory to which they are allowed to
write. System Administrators are also advised to review CERT/CC's article
on "Anonymous FTP Abuses" for further information (http://www.cert.org),
and to discuss specific countermeasures with their specific security
vendors.

No single countermeasure will provide complete security. Good security
consists of a mix of technical, physical, and personnel security measures
with all elements as an integral part of your organizational security plan.

Please report any illegal or malicious activities to your local FBI office
or the NIPC, and to your military or civilian computer incident response
group, as appropriate. Incidents may be reported online at:
<http://www.nipc.gov/incident/cirr.htm>.

Additional information on the NIPC and NIPC Advisories is available at:
<http://www.nipc.gov>

Recipients are asked to report, actual or suspected, criminal activity to
their local FBI office or to NIPC, and to your military or civilian
computer response group and other law enforcement agencies as
appropriate.  Incidents may be reported online at
<http://www.nipc.gov/incident/cirr.htm>.

This FBI Awareness of National Security Issues and Response (ANSIR)
communication is intended for corporate security professionals and others
who have requested to receive unclassified national security
advisories.  Individuals who wish to become direct recipients of FBI ANSIR
communications should provide business card information, i.e. company name,
address, phone, fax, etc., to [log in to unmask] for
processing, with a brief description of the product and/or service provided
by your organization.
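
The permission rule in the countermeasures paragraph (anonymous users write only where intended, and cannot list the directory they write to) can be checked on the server's own filesystem. The following is an added example, not part of the NIPC advisory or the original message; the function names, the `incoming`/`upload`/`pub` directory names and the uid/gid values are assumptions made for illustration.

```python
import os

def perm_bits(st, uid, gids):
    """Return the rwx triplet (0-7) POSIX applies to uid/gids for this inode.
    Mode bits only: ACLs and FTP-daemon-level restrictions are not considered."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def audit_ftp_tree(root, anon_uid, anon_gids, allowed_write=()):
    """Walk the anonymous FTP root and return sorted (path, finding) tuples.
    allowed_write lists the directories (relative to root) meant to accept uploads."""
    allowed = {os.path.normpath(os.path.join(root, p)) for p in allowed_write}
    findings = []
    for dirpath, _dirs, _files in os.walk(root):  # symlinks are not followed
        path = os.path.normpath(dirpath)
        bits = perm_bits(os.lstat(path), anon_uid, set(anon_gids))
        if not bits & 2:
            continue  # not writable by the anonymous account
        if path not in allowed:
            findings.append((path, "unexpected-writable"))
        elif bits & 4:
            # Upload area that can also be listed: usable as a file exchange.
            findings.append((path, "writable-and-listable"))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample tree; returns a uid/gid pair that owns none of it,
    so the 'other' permission bits are the ones that apply."""
    modes = {"pub": 0o755, "incoming": 0o733, "upload": 0o777}
    for name, mode in modes.items():
        path = os.path.join(base, name)
        os.mkdir(path)
        os.chmod(path, mode)  # explicit chmod so the umask does not interfere
    gid = max(os.stat(os.path.join(base, n)).st_gid for n in modes) + 1
    return os.getuid() + 1, gid

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as base:
        uid, gid = build_sample_tree(base)
        for path, finding in audit_ftp_tree(base, uid, [gid], ["incoming"]):
            print(finding, path)
```

On a real server, pass the FTP root and the uid and group ids of the account the daemon uses for anonymous sessions.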