
nanog mailing list archives

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked
From: Milo Medin <medin () google com>
Date: Wed, 1 Feb 2012 23:37:29 -0800

Where is Milo Medin when we need him?

how would he be helping?

He would have pulled the plug.

The story is from the very early days of the internet, probably long before
NANOG existed.

Milo worked at NASA and found a cracker from Finland on one of NASA's
machines.  The link from Finland to the rest of the world went through Norway
to NASA.  (That's THE link, there was only one link connecting all of
Scandinavia to the rest of the net.)  So Milo called the guy in Finland and
said "Please fix it".  The reply was "We can't do anything.  We respect civil
liberties."  Soon he got the message because he wasn't connected to the net
any more.

If anybody has a good URL for the story, please let me know.  I found one
reference in google-books that said 1988.



Hmm, is this how people talk about you after you are dead?  :-)



Dave Burstein dropped me a note about this thread – I don’t usually follow
NANOG much these days.  So I figured I should respond to make sure all the
facts were straight.



Let me clarify what happened in the case of the Finnish idiot.  At the
time, I worked for NASA and among other things ran the root nameserver at
Ames (ns.nasa.gov).   We managed systems very tightly, and the root was
instrumented well and was notifying that someone at one of the larger
Finnish universities was trying the usual measures to break into the
machine.  We saw these all the time – people tried the usual tftp or other
tricks, and moved on when they didn’t get satisfaction.  But this
particular individual just kept on trying different things over the course
of a couple days, and distinguished himself as being a real pain.



So I figured I needed to take some action.   I went to the NIC database,
and called up the University’s POC for the address block, saying that one
of their students was attempting to break into a US Government computing
resource (a criminal offense) and violating the AUP of the networks that
connected them.  They refused to act – basically saying that they didn’t
feel bound by US law, blah blah, etc…  So then I called up the Nordunet
guys in Stockholm, who connected all Scandinavian countries together via a
128 Kbps link to the JVNC supercomputer center in Princeton.  As I recall,
no one returned my call or my emails, though Mats and company usually were
quite on the ball.



The probing was continuing on the root, so I decided to call my friend
Elise Gerich at the NSFnet, and ask her if she wouldn’t put in a null route
to the university in Finland in the core backbone network, figuring that
cutting off the connectivity to the university would get someone’s
attention.  She said that she would really prefer I call Sergio Heker at
Princeton, who managed the link and could install a null route there where
the link came in as a more targeted solution.



When I told Sergio what was happening (one of the roots being attacked),
and that no one was doing anything about it, he said he would take care of
it.  Instead of installing a null route, he walked into the machine room
where the main JVNC nodes were located, walked to the satellite DSU that
connected JVNC to Stockholm, and pushed the loopback button.  So it is
really Sergio who deserves credit for this story, not me.  No more probes
on the root server.  :-)



I am told the following morning the grad student responsible for this was
met by a group of angry system administrators as he entered his office.
The conversation went something like this according to one of the people
there:



IT admin: Did you notice that the Internet is down today?

Student:  I noticed that – is something broken with our connection?

IT admin:  In fact, not only our university can’t talk to the Internet,
 but no one in Finland can.

Student:  Oh, really?

IT admin: In fact, no one in all of Scandinavia can reach the Internet
today.

Student: Wow, that is a big problem.  Why are you talking to me about it?

IT admin:  Because it is all YOUR fault! Stop messing around with those
NASA servers!



The connection was restored later that day, and no one from Finland tried
breaking into the root anymore, at least not while I was still there at
Ames.  I don’t believe the grad student was ever jailed, though I suspect
he may have needed a fresh set of underwear that day.  This is the story as
best as I can remember it, and it was around 1990 as opposed to 1988 as I
recall.



Back in the old days, people cared about policing bad behavior.  I could
tell you tons of stories where people had to take action to keep the
routing system safe from abuse.  If there was routing braindamage, people
would just fix it.  The old AUP served as the enforcement vehicle.  Now of
course things are much more complicated, and folks are less concerned with
“public health” than honoring contracts, etc…  But it was not always this
way.



Thanks,

Milo

