Catching up on email, I will point out that every major service provider
is probably compromised to one degree or another as frequently as 3
times per year from terminal rooms. For example, in addition to Usenix
meetings: IETF meetings, NANOG meetings, and every other computer
meeting or show that hosts an unsecured unswitched local net....
At IETF, I've certainly known folks that have snooped the traffic from
the terminal room. This is routine, over the past 5-6 years. The last
time that I went (Chicago), such folks discovered that there was only
one person on the net using IPSec (they tracked it down to me). They
found nobody even using OTP.
(heavy sigh) We go to all the trouble of designing these security
techniques, but then don't use them in our own production environments!
These were security folks, and I'm pretty sure they didn't save the
passwords after laughing at them -- but anyone else in the room could.
Remember, we have a lot more "unknown" folks attending.
Meanwhile, I know that Merit and UMich reorganized the backbone topology
a few years back after some major servers were compromised. Now, most
traffic flows over links with no machines other than routers. General
purpose servers are segregated, and on switched links to the extent
practical.
That doesn't help the dorms, or other public access unswitched networks
on campus. And with MediaOne finally deploying cable access this year
in Ann Arbor, I'd expect the whole kit and kaboodle to get worse before
it gets better!
> Date: Tue, 09 Mar 1999 17:19:24 +1100
> From: Greg Rose <[EMAIL PROTECTED]>
> I had no idea there had been so many, so well hushed up! MILNET, JANET (4
> independent incidents in the UK in Q3 1995 alone), Panix and other ISPs,
> several universities, the USENIX terminal room, ...
>
[EMAIL PROTECTED]
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
