UCRL-MA-119769 Accessing the CIAC Computer Security Archive CIAC-2302 R.1 by the Members of the CIAC Team January, 1995 DISCLAIMER This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes. Work performed under the auspices of the U. S. Department of Energy by Lawrence Livermore National Laboratory under Contract W-7405-Eng-48. Table of Contents INTRODUCTION What is CIAC? Overview CIAC Archive Contents The BBS Server The Anonymous FTP Server The World Wide Web Server Which Server to Use QUICK-START GUIDE FOR ADVANCED USERS Using the CIAC Archive BBS Server Getting Started When You Connect Scanning Downloaded Software Shareware Using the CIAC Archive Anonymous FTP Server Using FTP When You Connect Using the CIAC Archive WWW Server Using the WWW Server Connecting to the WWW Server CIAC ARCHIVE USERÕS GUIDE Using the BBS Server Getting Started Communication Settings BBS Modem Numbers Line Speeds Using a Hayes or Hayes-Compatible Modem Installing the Modem Testing Your Configuration Trouble-shooting Connecting to the BBS When You Connect Using a Non-Hayes-Compatible Modem Logging On to the CIAC BBS Using a Hayes-Compatible Modem About Downloading Protocols Obtaining Files From the CIAC BBS Downloading to a Macintosh Unpacking Compressed Archive Files For PC Users For Macintosh Users Using the Anonymous FTP Server Access Requirements Using FTP Trouble-shooting When You Connect Locating Files Listing Directories Changing Directories Accessing CIAC Files Contents of CIAC Files Accessing CIAC Bulletins Contents of the Bulletin Directory Accessing Virus Information Downloading a Text File from the ÒpcvirusÓ Directory Downloading a Binary File Closing FTP and Quitting the Session Using the WWW Server Internet Access Mosaic Availability Downloading Mosaic Using FTP When You Connect Downloading Mosaic Using Mosaic Connecting to CIAC Downloading CIAC Files Using Mosaic A Few Final Words APPENDIX A COMMANDS FOR HAYES AND HAYES-COMPATIBLE MODEMS INTRODUCTION What is CIAC?: CIAC is the U.S. Department of EnergyÕs (DOE) Computer Incident Advisory Capability. Established in 1989Ñshortly after the Internet WormÑCIAC provides various computer security services free of charge to DOEÕs employees and contractors. CIAC services include: ¥ incident handling consulting ¥ computer security information ¥ onsite workshops ¥ white-hat audits Overview: CIAC maintains an archive of computer security information for the DOE community. You can obtain documents and software in this archive through several access servers. This guide describes how to connect to these systems and obtain files from them. This guide updates and replaces the previous CIAC-2302 guide entitled The FELICIA Bulletin Board System and the IRBIS Anonymous FTP ServerÑ Computer Security Information Sources for the DOE Community. CIAC Archive Contents: The CIAC archive contains a variety of useful information, including: ¥ publicly available CIAC, CERT, NIST, NASA, and DDN security bulletins ¥ virus descriptions, the VIRUS-L moderated virus news service and bulletin board, and copies of public domain and shareware virus- detection/protection software ¥ copies of useful public domain and shareware security-related utility programs ¥ Chris McDonaldÕs computer security Journal ¥ The Hack Report ¥ reviews of anti-virus software and books by Slade and McDonald ¥ computer security conference announcements ¥ vendor descriptions of computer security software CIAC continually adds useful computer security information and software to the archive. CIAC welcomes any suggestions for additions to the archive. The BBS Server: You can access the CIAC Bulletin Board System (BBS) via telephone with a modem. This system provides you with menus for selecting traditional BBS features. In the future, CIAC will make the BBS available over the Internet using Telnet. The Anonymous FTP Server: Anonymous FTP access to the CIAC archive is available over the Internet at ciac.llnl.gov. To obtain information using the anonymous FTP server, you must have Internet access and be able to run FTP: E-mail access to the Internet is not sufficient. Using FTP, you can access the directory structure of the server. To locate files, you use the directories and 0- index.txt text files. Downloading information using the anonymous FTP server is much faster than using the BBS. The World Wide Web Server: The most convenient access to the CIAC archive is the World Wide Web (WWW) server. A WWW client software such as NCSA Mosaic displays fully formatted hypertext documents on your screen to lead you to the information you need. Information often resides on another system. Using hypertext links, you can link to and display pages on other WWW servers by simply clicking on a word or phrase in an existing document. To use this feature, you need direct access to the Internet and a WWW client software such as Mosaic or Netscape. NCSA Mosaic and Netscape are two distributed hypermedia browsers designed for information discovery and retrieval. These tools each provide a unified interface to the diverse protocols, data formats, and information archives used on the Internet. NCSA Mosaic is available by anonymous FTP from ftp.ncsa.uiuc.edu (141.142.20.50). NetscapeÕs address is http://home.mcom.com/home/welcome.html. Which Server to Use: If you have Internet access and want to browse through the information available, the WWW server is the most useful. If you have a specific file you need to download and know where it is located, the anonymous FTP server is the fastest. If you do not have access to the Internet, the BBS is your only option. If you want to join into DOE online discussions of security outside of the Internet newsgroups, use the CIAC BBS. Contact Bob CaldwellÕs office at DOE Headquarters in Germantown for a user ID. QUICK-START GUIDE FOR ADVANCED USERS Using the CIAC Archive BBS Server: Getting Started: The CIAC archive BBS server is connected to the telephone system. To access the server with a modem and a terminal, set up your system as 8- bit, no parity, and one stop-bit. The access numbers are: ¥ (510) 423-4753Ñ14.4K baud (V.32, V.42bis) and slower ¥ (510) 423-3331Ñ9600 baud (V.32) and slower ¥ (510) 423-9885Ñ19.2K baud ISDN within LLNL When You Connect: The first time you call, you must register your name and address. Once you are registered, you can go directly to the file and message areas. To download or read files, switch to the file section and follow the instructions to download files. Most of the popular downloading protocols are supported, including XMODEM, YMODEM, SEALink, and KERMIT. Scanning Downloaded Software: For any software you obtain, you should exercise caution and scan individual software before using it for the first time. NOTE: Unless otherwise indicated, all software in the CIAC archive has been scanned for known viruses. However, you should scan all downloaded software again with the most recent version of a virus-scanning tool. Be sure to scan archived applications after they have been extracted from the .ZIP, .ARC, or .SIT archive, as most scanning software cannot detect a virus in an application while it is still within an archive. Shareware: If you are using a shareware package downloaded from the CIAC archive or from any other source, be sure to follow the instructions in the package for compensating the author. The cost is generally minimal ($10 to $50) for some very useful applications. Using the CIAC Archive Anonymous FTP Server: Using FTP: The CIAC archive anonymous FTP server is available on the Internet. Type one of these commands to run FTP and connect to ciac.llnl.gov: ftp ciac.llnl.gov OR ftp 128.115.19.53 When You Connect: Follow these steps to use the anonymous FTP server: 1. At the Username: prompt, type anonymous. If you do not see this prompt, type user anonymous. 2. At the Password: prompt, type your E-mail address (for example, jdoe@llnl.gov). All the computer security-related files and documents are in subdirectories of the directory Ò/pub/ciacÓ. 4. To download files, use the ÒgetÓ or ÒmgetÓ command. The file Ò0- index.txtÓ in each directory lists the files in that directory and briefly describes their contents. The file Òwhatsnew.txtÓ in the Ò/pub/ciacÓ directory contains a list of the new files placed in the archive. Using the CIAC Archive WWW Server: Using the WWW Server: To access the CIAC archive WWW server, use a Web client software such as NCSA Mosaic or Netscape. Connecting to the WWW Server: Follow these steps to access CIAC archive information from the CIAC home page using Mosaic (the Netscape procedure is similar): 1. Start Mosaic and select Open URL on the File menu. 2. In the dialog box, type the URL address http://ciac.llnl.gov/. 3. When the home page opens, select Add this Document on the Hotlist menu to save the URL for rapid future access to the CIAC archive. CIAC ARCHIVE USERÕS GUIDE Using the BBS Server: Getting Started: To access the BBS Server, you need a modem and either a terminal such as a VT100 or a Macintosh or PC running terminal emulation software. The best solution is a Macintosh or a PC running terminal emulation software: with this configuration, in addition to communicating with the BBS, you can download documents and software to your computer. Terminal emulation programs for the Macintosh include VersaTerm and VersaTerm Pro and shareware programs such as ZTerm or MicroPhone. For the PC, Qmodem is shareware, and Procomm is available in both shareware and commercial versions. The Windows 3.1 system includes a terminal emulation program. Communication Settings: The terminal or computer must be attached to a modem and the modem must be attached to the telephone network. Set up the terminal or terminal software for 8 bits, no parity, 1 stop bit. Your terminal manual will describe how to do this. Most terminals have a setup feature where you can set these parameters. You must also set the speed (known as the baud rate) at which information is sent to the modem. Common modem speeds are 110, 300, 1200, 2400, 9600, 14.4K, and 19.2K baud. The speed in characters-per- second is roughly the baud rate divided by 10, so 110 baud is about 11 characters, or about one word per second, while 1200 baud is about one line per second. The available speeds depend on your modem, the BBS modem, and the amount of ÒnoiseÓ on the telephone lines. You should generally use the highest speed compatible with both modems. Most older modems operate at 1200 baud. Newer modems operate at 9600 baud, 14.4K baud, or faster, but they can operate at slower speeds if the foreign modem (the one at the other end of the telephone connection) cannot run that fast. With newer modems, set your terminal to communicate with your modem at the highest speed allowed. Your modem automatically negotiates the best speed with the foreign modem and slows down your transmissions (by buffering your input) to match. Newer modems also automatically compress and decompress data to increase the apparent speed. BBS Modem Numbers: The CIAC BBS currently has two modems attached to it, plus ISDN service within LLNL. The CIAC BBS modem numbers are: ¥ (510) 423-4753Ñ14.4K baud (V.32, V.42bis) and slower ¥ (510) 423-3331Ñ9600 baud (V.32) and slower ¥ (510) 423-9885Ñ19.2K baud ISDN access within LLNL Line Speeds: CIAC BBS modems are capable of MNP data compression/decompression, so you may be able to get an apparent access rate well in excess of the rated speed if you have a compatible modem. If not, the modems can accommodate most slower modems and protocols. The ISDN LLNL dataphone operates at high speed (19.2K baud). Using a Hayes or Hayes-Compatible Modem: This section shows you how to install, test, and trouble-shoot a Hayes or Hayes-compatible modem. Installing the Modem: If you have a terminal and a modem, the first step is to connect them together. You must have the right cable: different terminals and computers require different cables. In this configuration, the modem is defined as a data set and the terminal as a data terminal. If you connect these two devices with a cable that has a male plug on one end and a female plug on the other, it should work. You need to adjust your connections if you are using a computer as the terminal. Some computers are wired as a data set, and plugging a data set into a data set will prevent each device from functioning properly. In this case, you need a null modem (a double-ended connector) or a short cable with connectors on each end to switch some of the wires around to make a data set appear to be a data terminal. If you do not understand RS-232, data sets, and data terminals, get help. Often the only way to determine whether a cable is correctly configured is to get a voltmeter and test each wire for its signals. Testing Your Configuration: Follow these steps to test your Hayes or Hayes-compatible modem configuration: 1. Type AT, then press . ÒATÓ is the modem command for Attention and must precede all commands to the modem. 2. If the characters ÒOKÓ appear on the screen, then you are set up correctly. Appendix A contains a list of some of the more common modem commands for Hayes and Hayes-compatible modems. Check your manual for appropriate commands for your modem. Trouble-shooting: If your modem and terminal setup does not respond or prints the number Ò0Ó, then it may have been configured to provide no response or to provide only brief responses. Follow these steps to reconfigure the setup: 1. To reset the modem, type ATZ, then press . Type the string exactly as written, even if you do not see the characters on the screen while you type them. This is the reset command, and should turn echoing on and give text responses to commands. 2. Type AT, then press . You should receive ÒOKÓ as a response. If your modem does not respond, or responds with garbage, check all your connections and the modem speed setting. If all seems well, then get knowledgeable help. Modem connection and setup are still something of a black art. Connecting to the BBS: The next step is to connect to the BBS. Use the modem to dial the telephone number listed earlier in this section that most closely matches the maximum speed of your modem. For example, if you are making a long-distance call on a Hayes-compatible modem to the first number on the list, type the dialing string ATDT 15104234753. Most modems are Hayes-compatible: if yours is not, you will have to substitute your modem commands for the commands listed throughout these instructions. NOTE: If your telephone system requires special access numbers to get an outside line (e.g., Ò8Ó or Ò9Ó), include them as well, just as if you were dialing the number at a phone. You can also include parentheses, dashes, and spaces:most modems automatically format the dialing string internally. For example, the dialing string ATDT 1 (510) 423-4753 connects to the same number as ATDT 15104234753. When You Connect: After dialing the number, your modem and the BBS will communicate for a while and negotiate the best speed for communications. The response will usually be something like ÒCONNECT 9600Ó. You are now connected to the BBS and should see the login screen. Follow these steps if you do not see the login screen: 1. Press twice. Try this once or twice, or until you see the login screen. 2. If you still do not see the login screen, possibly the BBS is down but the modem is still on. Hang upÑuse the ÒHang-UpÓ command in the terminal emulator package or physically hang up the phoneÑand call again, or try the other BBS telephone number. 3. If you still do not receive a response, call CIAC for help. Using a Non-Hayes-Compatible Modem: To use a non-Hayes-compatible modem, check your modem documentation for the appropriate commands to dial a number. Follow these steps to initialize dialing: 1. Most modems have a ÒWake-UpÓ command. For example: press or the @ key twice OR press twice, pause, then press a third time. 2. Press the appropriate command key to dial the phone (usually D). 3. Press the appropriate command to set pulse or tone dialing (usually P and T), plus commands for any pauses you may need to get through a local PBX. Logging On to the CIAC BBS Using a Hayes-Compatible Modem: Follow these steps to log on to the CIAC BBS using a Hayes-compatible modem. This example uses a 9600-baud connection. 1. Connect to your Hayes-compatible modem and type ATDT94233331. This string displays: CONNECT 9600 This screen then displays: WARNING: Unauthorized access to this computer system is prohibited. Violators are subject to criminal and civil penalties. WELCOME TO THE CIAC BBS This BBS is run by the Computer Incident Advisory Capability (CIAC). All users must register and truthfully answer the newuser questionnaire. First Name? 2. Type your first name, then follow the prompts for your last name and your location. Press after each entry. NOTE: If this is your first logon, you will be asked to set your terminal type, supply a new password and answer the ÒNew User Questionnaire.Ó Follow the instructions on the screen. You will not see this on subsequent logons. The main menu displays: CIAC BBS - Main Menu Computer Incident Advisory Capability ===================================== - WhatÕs New On The CIAC BBS - CIAC Open Forum - Bulletins and System Notices - CIAC Advisories and Bulletins - CIAC Notes Journal <2> - CIAC 2300 and other Security Documents - File Transfer Section - The Hack Report - Conference Bulletins - McDonald: Information Systems Security - Bob SladeÕs Journal - Mail - Virus Database - Recent callers oodbye ime <*>Utilities Command: 3. Type the letter within the angle brackets to make your selection. The following list shows the menu selections and their contents. Menu selection Contents Displays a bulletin containing the most recent additions to the BBS. Switches to the CIAC Forum for open discussions among CIAC BBS users. Contains some bulletins that describe CIAC and the role of this BBS. Takes you directly to the CIAC download area to read or download CIAC advisories and information bulletins. Takes you directly to the CIAC Notes download area to read or download the CIAC notes journal. <2> Takes you to the CIAC security document section to read or download CIAC 2300 series documents. Takes you to the main menu of the file-transfer section. The file-transfer section contains CIAC and other notices, virus protection software, and other public-domain and shareware utilities. Takes you to the Hack section to read or download The Hack Report, a listing of hacked and Trojaned software. Takes you to the conference section for a list of notices for computer security related conferences. Takes you to the McDonald section to read or download McDonaldÕs journal. Takes you to the Slade section to read or download Bob SladeÕs journal. Opens the mail and dialog section. You can leave mail for other users, questions for the System Operator (SYSOP) of the BBS, or participate in the Dialog open forum. Opens the virus database section. Here you can get information about different computer viruses and their characteristics. Displays a list of recent callers. Displays the amount of time you have been on the system. You are currently limited to 60 minutes a day. Leave a message for the SYSOP if you need more time. <*> Allows you to change your terminal type or password. Asks you if you want to leave a message for the SYSOP, says good-by, and hangs up. About Downloading Protocols: A downloading protocol is a method used to download a file and ensure it has downloaded correctly. The protocol you pick depends on the terminal you have and its capabilities. Most terminal emulators support XMODEM or KERMIT. While YMODEM and SuperKERMIT tend to be faster, pick the protocol you are most comfortable with. The TYPE protocol is only for short documents and simply prints the document on your terminal. For example, use TYPE to view a CIAC bulletin instead of downloading it to your computer. CIAC does not recommend using the ASCII download protocols. They are a last resort for systems that cannot use formal error-correcting protocols. Obtaining Files From the CIAC BBS: Follow these steps to download files from the CIAC BBS: 1. At the BBS main menu, type F, then press . This menu displays: CIAC BBS - File Transfer Section Computer Incident Advisory Capability ===================================== - Download Area - Upload Area - Outgoing <->Previous Menu oodbye <*>Utilities ime Command: 2. Type D, then press . This menu for the download section displays: CIAC BBS - File Download Section Computer Incident Advisory Capability ===================================== Select A Download Area From the Following List - Macintosh Files - Macintosh Utility Programs

rotocol, xamine, ew, elp, or ist Selection or to exit: 4. Type the letter within the angle brackets, then press to make your selection. The following list shows the menu selections and their contents. Menu selection Contents ownload Download one or more files to your local machine.

rotocol Change the downloading protocol. The first time you download a file, this is done automatically (see step 5). xamine View the contents in an ARC archive. ew Followed with a date, lists files newer than that date. elp Get help on these commands. ist List this directory again. 5. Type D, then press to download a file. This prompt displays: File Name? 6. Type the file name for your selection (e.g., FP-214.ZIP). The first time you download a file, the protocol menu displays: Select from the following transfer protocols: 1 - TYPE file to your screen 2 - ASCII with DC2/DC4 Capture 3 - ASCII only, no Control Codes 4 - XMODEM 5 - YMODEM/YMODEM-g 6 - YMODEM/YMODEM- g Batch 7 - SEAlink 8 - KERMIT 9 - SuperKERMIT (Sliding Windows) Choose one (Q to Quit): 7. Type the number for your selection, then press . This example shows the response for selecting the YMODEM/YMODEM-g Batch protocol for the file FP-214.ZIP: Protocol=YMODEM File FP-214.ZIP, 466 records Est. Time: 10 mins, 26 secs at 192bps Awaiting Start Signal (Ctrl-X to abort) Downloading to a Macintosh: When you are downloading to a Macintosh, be sure to set the correct version of the downloading protocol on your Macintosh. If you are downloading a text file, use the Text version of the downloading protocol (for example, Text-XMODEM, Text-YMODEM) on your Macintosh. The Text version of the downloading protocol corrects for differences in the end-of-line characters used on the PC and Macintosh systemsÑthe PC needs a ÒCR-LFÓ at the end of a line, while the Macintosh needs ÒCRÓ only). When downloading a binary Macintosh file (e.g., a program file), a formatted document, or an archive, be sure to set the MacBinary form of the protocol (e.g., MacBinary-XMODEM) on your Macintosh. If you use the Binary instead of MacBinary protocol, you can do the conversion later, using either the Apple File Exchange utility included with the Macintosh system software or an archiving program, such as StuffIt from Aladdin Systems. When you select the downloading protocol, the BBS pauses, waiting for you to enter a Òstart signalÓ at your terminal. Start your local download: if all goes well, your download will be complete in a few minutes. Unpacking Compressed Archive Files: The methods for unpacking compressed files depend upon your configuration (PC-DOS/MS-DOS or Macintosh). For PC Users: PC-DOS/MS-DOS files are either text files (.TXT), zip or arc archives (.ZIP or .ARC), or executables (.COM or .EXE). Text files and executables can be downloaded directly and used in their original form. Be sure to use a binary downloading capability such as XMODEM for the executable files and archives. On the PC, the most common archive format is .ZIP. To extract files in the .ZIP format, you need either the PKUNZIP shareware utility or a DOS Shell program (e.g., Magellan) with a built-in .ZIP archive capability. For example, to extract all the files in the FP-204A.ZIP archive into the current directory, type, pkunzip FP-204A.ZIP. If you type pkunzip without any arguments, the program will list the available command-line arguments for your selection. Self-extracting archives are executable files (.EXE). Simply run the files and they will extract automatically. For Macintosh Users: On the Macintosh, archived files are normally in StuffIt (.SIT) or Compactor/Extractor (.CPT) format. Run whichever program corresponds to the archive you want to extract. With the program running, open the archive file, select the files you want to extract, and select the Extract command (type A in StuffIt or select a menu item in Compactor). The files will be extracted to your disk. SEA files are self-extracting archives. Simply run the files and they will extract automatically. HQX files are BinHex files, a text format for a binary file. HQX files can be e-mailed. HQX files can be converted back to binary format using BinHex or Stuffit. Using the Anonymous FTP Server: Access Requirements: The CIAC archive anonymous FTP server is available via the Internet at ciac.llnl.gov, IP address 128.115.19.53. To access files on the anonymous FTP server, you must have access to the Internet and must be able to run FTP on your computer. Your SYSOP will tell you if FTP is available and whether you are connected to the Internet. Using FTP: Follow these steps to connect to the anonymous FTP server: 1. To open an FTP connection, type ftp ciac.llnl.gov OR If FTP is running, select the appropriate ÒOpenÓ command, then type ciac.llnl.gov at the ftp> prompt OR If your computer cannot find ciac.llnl.gov, type the server Internet address ftp 128.115.19.53 OR If FTP is running and your computer cannot find ciac.llnl.gov, type 128.115.19.53 at the ftp> prompt. Trouble-shooting: If you cannot successfully connect to the server, contact your SYSOP. When You Connect: Follow these steps to complete your login: 1. At the Username: prompt, type anonymous. If you do not see this prompt, type user anonymous. 2. At the Password: prompt, type your e-mail address (for example, jdoe@llnl.gov). Your password will be hidden. When you connect, this screen displays: 220 ciac FTP server (Version wu-2.4(6) Mon May 2 15:51:50 PDT 1994) ready. user anonymous 331 Guest login ok, send your complete e-mail address as password. 230- 230- This is the Ciac archive, provided and maintained by 230- the Computer Security Technology Center, Lawrence 230- Livermore National Laboratory. 230- 230- All activity is logged with your host name and email address 230- 230- If your FTP client crashes or hangs shortly after login, try 230- using a dash (-) as the first character of your password. 230- 230- Send comments/questions/problems to: ciac@llnl.gov 230- 230- 230 Guest login ok, access restrictions apply. Locating Files: The following list shows the commands you can use to move through the directory system and download files: Command Action cd Change directory. Follow this command with the path to the directory you want to access. Use Ò..Ó as the directory name to return to the previous directory or Ò/Ó to return to the login directory. ls List the file and directory names within a directory. dir Full directory listing, including file size, modification dates, ownership, and permissions. binary Change the mode for downloading files to binary. Select this command before downloading any type of file except pure text files to ensure an unmodified file. ascii Change the mode for downloading to ASCII. If you have switched to binary mode, select this command before downloading pure text files. FTP automatically changes the end-of-line characters for your computer. get Get a file. Follow this command with the name of the file you want to download to your machine. mget Multiple get. Follow this command with a file name that includes wildcard characters to select and download multiple files. The wildcard character Ò*Ó stands for any number of any characters (including none), and Ò?Ó stands for any single character. put Upload a file to the server. This command is not allowed in most directories. mput Multiple put. Upload multiple files to the server. This command is not allowed in most directories. close Close the connection to the remote machine. quit Close any connections and end FTP. ?, h, help List the available commands. Contact your SYSOP for any additional commands you may require. Listing Directories: The ÒlsÓ command lists all the files and directories in the current directory, for example: ls 200 PORT command successful. bin usr 0-index.txt dev .login_message incoming pub etc 150 Opening ASCII mode data connection for file list. 226 Transfer complete. Changing Directories: The ÒcdÓ command followed by a directory name moves you to that directory. The Ò..Ó directory name always moves you to the parent directory of the current directory. This example shows a ÒcdÓ to the public (pub) directory, then lists the files in that directory: cd pub 250 CWD command successful. ls 200 PORT command successful. spi ciac nid 150 Opening ASCII mode data connection for file list. 226 Transfer complete. Accessing CIAC Files: This example shows how to change directories to the ÒciacÓ directory and list its contents: cd ciac 250 CWD command successful. ls 200 PORT command successful. ciacdocs bulletin notes patches whatsnew.txt secdocs sectools util 150 Opening ASCII mode data connection for file list. 226 Transfer complete. Contents of CIAC Files: The following list shows the CIAC files and their contents. File name Contents ciacdocs Directory: CIAC 2300 series computer security documents. bulletin Directory: CIAC Bulletins. notes Directory: CIAC Notes journal. patches Directory: Security patches. whatsnew.txt File: Text file of new additions to the server. secdocs Directory: Computer security documents from other response teams, including conference information, and software reviews. sectools Directory: Security-related software tools and anti-virus software. util Directory: Utility programs and archiving utilities. Accessing CIAC Bulletins: This example shows how to change directories to the ÒbulletinÓ directory and list its contents: cd bulletin 250 CWD command successful. ls 200 PORT command successful. fy89 a-fy90 b-fy91 c-fy92 d-fy93 e-fy94 f-fy95 xref.txt 150 Opening ASCII mode data connection for file list. 226 Transfer complete. Contents of the Bulletin Directory: Each of the ÒbulletinÓ subdirectories contains the CIAC notices for a particular fiscal year. CIAC notices are numbered with a letter followed by a sequence number, where the letter ÒAÓ is used for fiscal year 1990, ÒBÓ for 1991, and so forth. The document Òxref.txtÓ is a text file containing a cross-reference of CIAC notices, platforms, and problem type. Each directory contains a file named Ò0-index.txtÓ containing the name of each notice and its number. Accessing Virus Information: This example shows how to change directories to the ÒpcvirusÓ directory by returning to the ÒciacÓ directory. You can also use the one-step ÒcdÓ path command Ò../sectools/pcvirus.Ó cd .. 250 CWD command successful. ls 200 PORT command successful. ciacdocs .private bulletin notes patches whatsnew.txt secdocs sectools util 150 Opening ASCII mode data connection for file list. 226 Transfer complete. cd sectools 250 CWD command successful. ls 200 PORT command successful. macvirus pcvirus atarivir 150 Opening ASCII mode data connection for file list. 226 Transfer complete.cd pcvirus 250 CWD command successful. ls 200 PORT command successful. 150 Opening ASCII mode data connection for file list. 226 Transfer complete. killmnk3.zip seclog.exe chkdate.zip 0-index.txt 21a10.zip fp-211.zip 30a06.zip clean113.zip vsig9305.zip vshl205.zip ... lines deleted ... Downloading a Text File from the ÒpcvirusÓ Directory: The ÒpcvirusÓ directory files contain descriptions of PC computer viruses and copies of virus protection software. The file named Ò0- index.txtÓ contains a list of the files and their purpose. Download this file using the ÒgetÓ command to review the directory files. This example shows how to download the Ò0-index.txtÓ file: get 0-index.txt 200 PORT command successful. 150 Opening ASCII mode data connection for 0-index.txt (14184 bytes). 226 Transfer complete. 14184 bytes received. The file is downloaded to your computer in default ASCII mode. The ASCII mode automatically changes the end-of-line characters in text files for your computer. You can read the file with any text editor. Downloading a Binary File: To download a binary file, change to binary mode. Use the ÒgetÓ command to copy the file to your computer. Use the ÒmgetÓ command followed by a file name containing wildcard characters Ò*Ó or Ò?Ó to download multiple files, where Ò*Ó stands for any number of any characters (including none) and Ò?Ó stands for any single character. For example, Òmget *.exeÓ would download copies of all of the executable files in the current directory. This example shows how to download the binary file ÒFP-214.ZIP:Ó binary 200 Type set to I. get fp-214.zip 200 PORT command successful. 150 Opening BINARY mode data connection for fp-214.zip (476162 bytes). 226 Transfer complete. 476162 bytes received. Closing FTP and Quitting the Session: Use the ÒcloseÓ command to close the connection. Use the ÒquitÓ command to close the connection and quit the session. You should receive a response: quit prompt 2. If your computer cannot find ftp.ncsa.uiuc.edu, type the server Internet address ftp 141.142.3.135 OR If FTP is running and your computer cannot find ftp.ncsa.uiuc.edu, type O 141.142.3.135 at the ftp> prompt. When You Connect: Follow these steps to complete your login: 1. At the Username: prompt, type anonymous. If you do not see this prompt, type user anonymous. 2. At the Password: prompt, type your e-mail address (for example, jdoe@llnl.gov). Your password will be hidden. When you connect, this screen displays: Guest login ok, send your complete e-mail address as password. Password: Welcome to NCSA's new anonymous FTP server! I hope you find what you are looking for. If you have any technical problems with the server, please e-mail to FTPadmin@ncsa.uiuc.edu. For other questions regarding NCSA software tools, please e-mail softdev@ncsa.uiuc.edu. The mail archive-server is fully operational. Requests go to archive-server@ncsa.uiuc.edu and send problem reports to archive-manager@ncsa.uiuc.edu Note to HyperFTP users: If you log in, and cannot list directories other than the top-level ones, enter a - as the first character of your password (e-mail address). If your FTP client has problems with receiving files from this server, send a - as the first character of your password (e-mail address). If you're FTP'ing from Delphi, please remember that the Delphi FTP client requires you to enclose case-sensitive directory and file names in double quote (") characters. You are user # 138 of an allowed 140 users. Please read the file README it was last modified on Wed Aug 24 11:35:25 1994 - 69 days ago Please read the file README.FIRST it was last modified on Mon Aug 1 10:28:27 1994 - 92 days ago Guest login ok, access restrictions apply. 3. Type cd Mosaic to change to the Mosaic directory. 4. Type ls to list the directory contents. This screen displays: IDUNNO.NCSA.UIUC.EDU>cd Mosaic ls cd Mac ls binary Type: Image, Structure: File, Mode: Stream IDUNNO.NCSA.UIUC.EDU>get NCSAMosaic200A8.PPC.hqx To local file: ncsappc.hqx

- PC files - Atari Files - CIAC 2300 and other Security Documents - The Hack Report - CIAC Documents - CIAC Notes - CERT Documents - NIST Documents - DDN Documents - NASCERT, NASA, SPAN Documents - ASSIST Documents - Virus-L Moderated News - Reviews of anti-virus software - Other useful stuff -More- <->Previous Menu oodbye <*>Utilities ime Command: 3. Type the letter within the angle brackets, then press to make your selection. NOTE: At any time, press S to stop a listing or press P to pause. For example, type P, then press to select the next menu for PC files. This screen displays: Type P to Pause, S to stop listing PC-DOS/MS-DOS VIRUS DETECTION AND PROTECTION FILES The following files and programs are for PC and compatible computers running PC-DOS or MS-DOS. Files with the .TXT extension are simple text files. They can be downloaded with Xmodem, Ymodem or ASCII. Files with the .ZIP extension are .ZIP archives, and must be extracted with PKUNZIP.EXE. PKUNZIP.EXE is in the file PKZ102.EXE, which is a self extracting .ZIP archive. Download these with a binary protocol such as Binary Xmodem or Binary Ymodem. Files with the .ARC extension are .ARC archives, and must be extracted with ARC.EXE. Note that McAfeeÕs software and HoffmanÕs virus Summary may not be used by any organization without a license. However, they may be used by individuals. Please read the license requirements in the documentation supplied with the software before using it. ------------ New Stuff for PCs ------------ FP-214.ZIP 476162 9-26-94 F-Prot antivirus v.2.14 TBAV624.ZIP 270210 9-26-94 Thunderbyte antivirus v.6.24 VSUMX408.ZIP 845837 9-26-94 HoffmanÕs Virus Summary 8/94 ... Skipped Lines... ownload,