Stoll, C.: The Cuckoo's Egg: Tracking a Spy through the Maze of Computer Espionage. Pocket Books (2000)  Home/Search   Document Not in Database   Summary   Related Articles   Check

.... 1: Stepping Stone Monitor host, figuring out each predecessor in the chain step by step (based on whatever log records may be available at each stepping stone site) For discussion of the use of stepping stone attacks in high profile cases and the di#culty of unraveling them see for example [6] or [3] An alternate paradigm for stepping stone detection entails the installation of a stepping stone monitor at the network access point of an organization (such as a university or other substantial local network) The monitor analyzes properties of both incoming and outgoing tra#c looking ....

Cli#ord Stoll. The Cuckoo's Egg: Tracking a Spy through the Maze of Computer Espionage. Pocket Books. October 2000.

.... Characteristics of data to be collected as evidence Physical location Whether it is a distributed denial of service [17] a fast moving worm a ecting thousands of hosts [37] or an astronomer tracking down a 75 cent accounting error leading to evidence of hacking and international espionage [39], system administrators use many sources of data to identify and implement a solution to a problem. RFC 3227 [2] Guidelines for Evidence Collection and Archiving, identi es many locations of evidence: Here is an example order of volatility for a typical system. registers, cache routing ....

Cliord Stoll. Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage. Pocket Books, 1989.

....information to interested members of the Internet community. Passwords, which are vulnerable to passive attack, are not strong enough to be appropriate in the current Internet [CERT94] Further, there is ample evidence that both passive and active attacks are not uncommon in the current Internet [Bellovin89, Bellovin92, Bellovin93, CB94, Stoll90]. The authors of this paper believe that many protocols used in the Internet should have stronger authentication mechanisms so that they are at least protected from passive attacks. Support for authentication mechanisms secure against active attack is clearly desirable in internetworking ....

Stoll, C., "The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage", Pocket Books, New York, NY, 1990.

....of government computing resources from unauthorized use . Sensitive information and intellectual properties must be protected from unauthorized disclosure, modification, or destruction. The vulnerability of information that is accessible from or transmitted across the Internet is welldocumented (Stoll 1990; Bellovin 1992, 1993; CERT 1994; Cheswick and Bellovin 1994) Perhaps the most significant threat is the capability of any networked workstation to eavesdrop on network traffic. This could lead to the capture and exploitation of user authentication information. For example, the rash of computer ....

Stoll, C. 1990. The Cuckoo's Egg: Track ing a Spy Through the Maze of Computer Espionage, Pocket Books, New York, New York.

....weaknesses that they regard as posing serious risks in widely used Internet systems and components. They range from password guessing to attacks on the programs that perform the network time protocol or handle mail transmission. Some of these have led to successful and well publicized attacks [Stoll 1989, Spafford 1989] and many of them have been exploited for mischievous or criminal purposes. When the Internet and the systems that are connected to it were designed, security was not a priority. The designers probably had no conception of the scale to which the Internet would grow, and the basic ....

Stoll, C. (1989), The Cuckoo's Egg: Tracking a Spy Through a Maze of Computer Espionage. New York: DoubleDay.

....the number of messages grows exponentially until the network halts. Another risk is that unprotected systems may be used as an entry point into other inadequately protected but sensitive systems. The case of the German hackers who obtained access to many sensitive systems illustrated this risk (Stoll, 1989). They used unprotected systems as bases from which to probe systematically for security weaknesses in other more sensitive systems, with a surprisingly high degree of success. This resulted not only in the exposure of confidential information, but also in extra costs for several sites who only ....

Stoll, C. (1989). The cuckoo's egg: tracking a spy through a maze of computer espionage.

....systems may be used as an entry point into other inadequately protected but sensitive systems. For example German hackers used unprotected systems as bases from which to probe systematically for security weaknesses in other more sensitive systems, with a surprisingly high degree of success (Stoll, 1989). The communications network used by distributed components to exchange information may also be subject to malicious or accidental threats, e.g. eavesdropping, recording and replay of messages, and the malicious modification or accidental corruption of messages. In certain cases protection against ....

Stoll, C. (1989). The cuckoo's egg: tracking a spy through a maze of computer espionage.

....guaranteed (since the entire machine, including the secure coprocessor, may be destroyed) The logs, however, can be made tamper evident. This is important for detecting intrusions. Experience shows that skilled attackers will attempt to forge system logs to eliminate evidence of penetration (see [94] for an interesting case study) The privacy and integrity of the system accounting logs and audit trails can be guaranteed simply by holding them inside the secure coprocessor. However, it is awkward to have to keep all logs inside the secure coprocessor since they can grow very large and ....

Clifford Stoll. The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage. Doubleday, New York, 1989.

....file server ringer.softy.org 192.193.194.64 workstation groundzero.softy.org 192.193.194.65 workstation All are running some derivative of 4.2bsd or 4.3bsd, such as SunOS, and all trust each other via etc hosts.equiv files. The attacker, whom we shall dub Cuckoo in honor of Cliff Stoll s book [Sto89], is coming from machine cracker.ritts.org, 150.151.152.153. The essence of the basic attack relies on the nature of the address to name mapping. As noted above, this mapping uses an independent DNS tree. Assume that the inverse mapping record for 150.151.152.153 is changed from the correct ....

Cliff Stoll. The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage. Doubleday, New York, 1989.

....is more appropriate, though those of a classical bent may prefer Vandals , or even Goths or Visigoths . these log the request, and initiate counterintelligence strategies to learn something about the source of the request. We are certainly not the first ones to attempt to trick attackers[Sto88, Sto89, HM91]. But our motivation is somewhat different. We do not expect to prosecute, because (we hope) no damage will occur to our machines. This is not to say that the attackers do not try such things; see, for example, Che92] Nor, in general, do we care much about the identity of any particular ....

C. Stoll. The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage. Doubleday, 1989.

No context found.

Stoll, C.: The Cuckoo's Egg: Tracking a Spy through the Maze of Computer Espionage. Pocket Books (2000)

No context found.

C. Stoll. The Cuckoo's egg: Tracking a Spy through a Maze of Computer Espionage. Doubleday, New York, 1989. 10

No context found.

Cli#ord Stoll. The Cuckoo's Egg: Tracking a Spy through the Maze of Computer Espionage. Doubleday, 1989.

No context found.

Stoll, C 1991, The cuckoo's egg : tracking a spy through the maze of computer espionage, Pan Books, London.

No context found.

Stoll, C.: The Cuckoo's Egg: Tracking a Spy through the Maze of Computer Espionage. Pocket Books (2000)

No context found.

Cliff Stoll. The Cuckoo's Egg : Tracking a Spy Through the Maze of Computer Espionage. Doubleday, 1989.

No context found.

C. Stoll, The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage. Garden City, NY: Doubleday, 1989. ISBN 0-38524946 -2.

No context found.

Clifford Stoll, The Cuckoo's Egg - Tracking a spy through the maze of computer espionage, Doubleday, 1989, 326pp, ISBN 0-370-31433-6.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC