16 citations found.
Steven M. Bellovin, "There be dragons," in Proceedings of the Third Usenix UNIX Security Symposium, 1992, http://www.research.att.com/smb/papers/dragon.pdf.


This paper is cited in the following contexts:
Addressing Weaknesses in the Domain Name System Protocol - Schuba (1993)   (6 citations)  (Correct)

....This attempted defense, developed at the University of Berkeley, CA, consists of modifications of the rlogind and rshd code. The idea is to validate the inverse mapping tree by looking at the corresponding node on the forward mapping tree. S. Bellovin describes the method used by the patch in [Bel92] as follows: To detect this, we perform a cross check; using the returned name, we do a forward check to learn the legal address for that host. If that name is not listed, or if the addresses do not match, alarms, gongs, and tocsins are sounded. Refer to the description of the algorithm in Section ....

Steven M. Bellovin. There Be Dragons. In UNIX Security Symposium III Proceedings, pages 1--16, Baltimore, MD, 1992.


RFC1704 RFC.net Page 1 of 18 - Network Working Group   (Correct)

....information to interested members of the Internet community. Passwords, which are vulnerable to passive attack, are not strong enough to be appropriate in the current Internet [CERT94]. Further, there is ample evidence that both passive and active attacks are not uncommon in the current Internet [Bellovin89, Bellovin92, Bellovin93, CB94, Stoll90]. The authors of this paper believe that many protocols used in the Internet should have stronger authentication mechanisms so that they are at least protected from passive attacks. Support for authentication mechanisms secure against active attack is clearly desirable in internetworking ....

Bellovin, S., "There Be Dragons", Proceedings of the 3rd Usenix UNIX Security Symposium, Baltimore, MD, September 1992.


Quantitative Assessment of Operational Security: Models .. - Dacier, Deswarte.. (1996)   (5 citations)  (Correct)

....as far as we know, this kind of data is not available. Nevertheless, valuable information can be obtained from the analysis of some well known intrusions described for instance in [Reid 1986, Stanley 1986, Spafford 1988, Stoll 1988, Rochlis Eichin 1989, Seeley 1989, Cheswick 1991, Stanley 1991, Bellovin 1992]. Unfortunately, these intrusions are rare and cannot be considered as a representative sample. These data can be complemented by additional information provided by security experts concerning the definition of potential intruders profiles. For instance in [Denning 1990] it is suggested that most ....

S. M. Bellovin, "There be Dragons", in the Third Usenix Security Symposium, (Baltimore), 1992.


Final Report And Recommendations Of The Esnet.. - Johnson, Athey.. (1995)   (Correct)

....computing resources from unauthorized use. Sensitive information and intellectual properties must be protected from unauthorized disclosure, modification, or destruction. The vulnerability of information that is accessible from or transmitted across the Internet is well-documented (Stoll 1990; Bellovin 1992, 1993; CERT 1994; Cheswick and Bellovin 1994). Perhaps the most significant threat is the capability of any networked workstation to eavesdrop on network traffic. This could lead to the capture and exploitation of user authentication information. For example, the rash of computer break-ins at ....

Bellovin, S. M. 1992. "There Be Dragons." In Proceedings of the 3rd Usenix UNIX Security Symposium, Baltimore, Maryland.


Addressing Weaknesses in the Domain Name System Protocol - Schuba, Spafford (1993)   (6 citations)  (Correct)

....attempted defense, developed at the University of Berkeley, CA, consists of modifications of the rlogind and rshd code. The idea is to validate the inverse mapping tree by looking at the corresponding node on the forward mapping tree. S. Bellovin describes the method used by the patch in [Bel92] as follows: To detect this, we perform a cross check; using the returned name, we do a forward check to learn the legal address for that host. If that name is not listed, or if the addresses do not match, alarms, gongs, and tocsins are sounded. Refer to the description of the algorithm in ....

Steven M. Bellovin. There Be Dragons. In UNIX Security Symposium III Proceedings, pages 1--16, Baltimore, MD, 1992.


Access to Local Resources in a Nomadic Environment - Jacob, Mudge (1997)   (1 citation)  (Correct)

....a level of service while moving through different organizational domains. Security. The simplest method in a global environment makes every principal responsible for its own security. This is not a bad idea, as AT&T's experiences show that a server should not necessarily trust its portmapper [3, 13]. Similarly, it should not be up to a directory object to provide security for the client and server objects with which it conducts transactions. A potential security hole exists: if the client subsystem can respond with whatever information a server object requests, the end-user could become ....

S. M. Bellovin. "There be Dragons." Tech. Rep., AT&T Bell Laboratories, August 1992. ftp://ftp.research.att.com/dist/internet_security/dragon.ps.


Automated Detection of Vulnerabilities in Privileged.. - Ko, Fink, Levitt (1994)   (49 citations)  (Correct)

....Application Conference 1 Introduction Computer systems are vulnerable to attacks. Despite the best effort to uncover and remove security errors, vulnerabilities in computer systems still exist, enabling outside attackers to gain entry to systems and inside attackers to exploit their privileges [3, 4]. Vulnerabilities in privileged programs (e.g. setuid root programs in Unix, such as rdist, sendmail, and fingerd) have been one of the major techniques for attackers to obtain necessary privileges to accomplish their missions. These programs run with high privileges that allow them to bypass the ....

S. M. Bellovin. There be dragons. Proceedings of 1992 USENIX Security Symposium, September 1992.


A Methodology for Testing Intrusion Detection Systems - Puketza, Zhang, Chung.. (1996)   (18 citations)  (Correct)

....detection as background for our work. Readers who are already familiar with these topics may skip this section. 2.1 Intrusions Intrusions in computer systems are occurring at an increasingly alarming rate. Some sites report that they are the targets of hundreds of intrusion attempts per month [3]. Moreover, there are numerous different intrusion techniques used by intruders [28]. The following scenarios are examples of intrusions: • An employee browses through his/her boss' employee reviews; • A user exploits a flaw in a file server program to gain access to and then to corrupt ....

S. M. Bellovin, "There Be Dragons," Proc., Third USENIX UNIX Security Symposium, Baltimore, MD, pp. 1-16, September 1992.


Serverless Network File Systems - Dahlin (1995)   (20 citations)  (Correct)

....access to system resources. A broad range of attacks designed to circumvent this barrier exist, including password guessing, trojan horses, modifying the kernel by compromising the network or disk, and taking advantage of kernel bugs. Denning and Denning [Denning and Denning, 1979] and Bellovin [Bellovin, 1992] provide overviews of some general techniques, and Haynes and Kelly [Haynes and Kelly, 1992] examine the issues in the context of file system security. 6.1.1.1. Compromising Client Kernels If the kernel on a client machine is compromised in any of the file systems, the data of any user ....

Bellovin, S. (1992). There be Dragons. In USENIX Unix Security III, pages 1--16.


Countering Abuse of Name-Based Authentication - Schuba, Spafford (1994)   (3 citations)  (Correct)

....This first attempted defense, developed at the University of Berkeley, CA, consists of modifications of the r command daemons. The idea is to validate the inverse mapping tree by looking at the corresponding node on the forward mapping tree. S. Bellovin describes the method used by the patch in [Bel92] as follows: To detect this, we perform a cross check; using the returned name, we do a forward check to learn the legal address for that host. If that name is not listed, or if the addresses do not match, alarms, gongs, and tocsins are sounded. The fix is easily installed and not very complex. ....

Steven M. Bellovin. There Be Dragons. In UNIX Security Symposium III Proceedings, pages 1--16, Baltimore, MD, 1992.


Packets Found on an Internet - Bellovin (1992)   (7 citations)  Self-citation (Bellovin)   (Correct)

....the world. 1 Introduction For security reasons, AT&T's connection to the Internet is via a pair of application gateways[Che90]. To maintain the security of the gateways, we monitor them for attempted intrusions[Che92]. Recently, we have also started looking for more inventive penetration attempts[Bel92b]. We have indeed found such behavior. While looking, though, we noticed a surprising amount of other anomalous behavior, packets that do not appear to indicate an attempted break-in, but are worthy of attention nevertheless. We are currently running three types of broad spectrum monitors. First, a ....

....can be distributed electronically. Connections span the globe. But the very success of the Internet makes some bugs invisible. Because of our monitoring, we are able to spot certain classes of misbehavior that are, in general, not seen. Unfortunately, unlike our security logging recommendations[Bel92b], many of the techniques discussed here are not practical elsewhere. Trying to analyze bogus IP destination addresses on a busy Ethernet cable does not work, for example. But the underlying problems they are symptomatic of have not thereby gone away. We therefore suggest that, difficulties ....

Steven M. Bellovin. There be dragons, January 1992. In preparation.


Network Telescopes: Technical Report - Colleen (2004)   (Correct)

No context found.

Steven M. Bellovin, "There be dragons," in Proceedings of the Third Usenix UNIX Security Symposium, 1992, http://www.research.att.com/smb/papers/dragon.pdf.


Honeynets Applied to the CSIRT Scenario - Cristine Hoepers Cristine (2003)   (Correct)

No context found.

S. M. Bellovin, "There Be Dragons," in Proceedings of the Third Usenix Security Symposium, 1992.


NIST Special Publication 800-7 - Computer Systems Security   (Correct)

No context found.

Steven M. Bellovin. There Be Dragons. In USENIX Security Symposium III Proceedings, pages 1--16. USENIX Association, September 14-16 1992.


Site Security Handbook - Fraser (1997)   (11 citations)  (Correct)

No context found.

S. Bellovin, "There Be Dragon", USENIX: Proceedings of the Third Usenix Security Symposium, Baltimore, MD. September, 1992.


Network Security Via Reverse Engineering of TCP Code.. - Biswaroop Guha (1996)   (9 citations)  (Correct)

No context found.

S. M Bellovin, "There be dragons," Proceedings of 1992 USENIX Security Symposium, pp. 1-16, September 1992.


CiteSeer.IST - Copyright Penn State and NEC