************************************************************************** Security Bulletin 9702 DISA Defense Communications System March 20, 1997 Published by: DISN Security Coordination Center (SCC@NIC.MIL) 1-(800) 365-3642 DEFENSE INFORMATION SYSTEM NETWORK SECURITY BULLETIN The DISN SECURITY BULLETIN is distributed by the DISN SCC (Security Coordination Center) under DISA contract as a means of communicating information on network and host security exposures, fixes, and concerns to security and management personnel at DISN facilities. Back issues may be obtained via FTP (or Kermit) from NIC.MIL [207.132.116.5] using login="anonymous" and password="guest". The bulletin pathname is scc/sec-yynn (where "yy" is the year the bulletin is issued and "nn" is a bulletin number, e.g. scc/sec-9615.txt). These are also available at our WWW site, http://nic.mil. ************************************************************************** + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + ! ! ! The following important bulletin was issued by the Automated ! ! Systems Security Incident Support Team (ASSIST) and is being ! ! relayed unedited via the Defense Information Systems Agency's ! ! Security Coordination Center distribution system as a means ! ! of providing DISN subscribers with useful security information. ! ! ! + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + -----BEGIN PGP SIGNED MESSAGE----- <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Automated Systems Security Incident Support Team _____ ___ ___ _____ ___ _____ | / /\ / \ / \ | / \ | | / Integritas / \ \___ \___ | \___ | | < et /____\ \ \ | \ | | \ Celeritas / \ \___/ \___/ __|__ \___/ | |_____\ <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Bulletin 97-01 Release date: March? Subject: ASSIST Information Resources. To facilitate the timely distribution of security-relevant information to DoD sites worldwide, ASSIST provides: 1. An electronic bulletin board system (BBS) 2. An anonymous File Transfer Protocol (FTP) system 3. A web site (WWW) 4. A mailing list with up to date security related bulletins This ASSIST bulletin provides information about the services that we offer the DOD community and how to access them. Please call the ASSIST Hotline at either 1-800-357-4231 (Comm) or 327-4700 (DSN) or send mail to assist@assist.mil, when encountering any difficulty accessing our BBS, FTP, or WWW site. _____________________________________________________________________ ASSIST BBS The ASSIST BBS is a dial-up system that can be reached via modem at 703-607-4710, DSN 327. The BBS is an open system, and users will be prompted to set up an account during the initial call to the system. The vast majority of the files are available for unrestricted viewing and downloading by any user of the BBS. The IBM Antivirus (IBMAV) file area and the Norman anti-virus file area are restricted to access by users who have been verified as being DoD affiliated personnel. The verification process is required to fulfill terms of the licensing agreement with IBM and Norman for use of the IBMAV and Norman AV software. A program called VDOC (freeware to DoD members), which scans for macro viruse, is also contained in the IBMAV file area. ASSIST verifies DoD affiliation by performing a call back to a DSN phone number provided by the person making the request, or through some other arrangement. Once verified, access is granted to the IBMAV file area by an ASSIST BBS system administrator. Users who have questions or problems while on the BBS should go to the "Message Menu" and leave a message for "sysop". To login to the ASSIST BBS you will need: * Personal Computer (PC). * Modem (baud rates up to 28.8 are supported). * Communications software such as Procomm, Procomm+, Smartcom II or III, Crosstalk, etc. * Communication software settings should be: - Data bits: 8 - Stop bits: 1 - Parity: None - Duplex: Full - Terminal emulation: ANSI, VT series or IBM PC are the most common. * File download/upload protocols supported include xmodem, zmodem, ymodem, and ASCII. After you connect to the BBS the first time, the software will prompt you for the necessary input to set up an account. The following is a list of the BBS file areas and a description of content. A detailed listing of file names and descriptions can be viewed by selecting "F" while in the "Main Menu" to switch to the "File Menu", then selecting "L" to list files. File area 1 - ASSIST Bulletins 1991. File area 2 - ASSIST Bulletins 1992. File area 3 - ASSIST Bulletins 1993. File area 4 - ASSIST Bulletins 1994. File area 5 - ASSIST Bulletins 1995. File area 6 - ASSIST Bulletins 1997. File area 7 through 9 - Reserved for future ASSIST Bulletins. File area 10 - DOS Security Tools. File area 11 - UNIX Security Tools. File area 12 - Network Security Tools. File area 13 - Miscellaneous Security Tools. File area 14 - General Security Information. File area 15 - DISSPatch Newsletters. File area 16 - Security Publications, Policies, Regulations, Standards. File area 17 - CHIPS - Navy Computer Security Newsletter. File area 18 - The National Computer Security Center Rainbow Series. File area 19 - IBM Anti-Virus (area restricted to DoD only) File area 20 - INFOSEC Related Training and Conferences. File area 21 - NIST Computer Systems Lab (CSL) bulletins. File area 22 - For File uploads to ASSIST, accessible by BBS admin personnel only. All files are reviewed by ASSIST before being made available to BBS users. File area 23 - Norman anti-virus software. (area restricted to DoD only) File area 24 - Reserved for future ASSIST data. File area 25 - Virus-L 1995 Issues _____________________________________________________________________ ANONYMOUS FTP SITE ASSIST has an anonymous FTP system that is available to every DoD system registered with the Defense Data Network (DDN) Network Information Center (NIC), or local Domain Name Server (DNS). The FTP file system is identical to that of the BBS with a few minor exceptions. Messages cannot be left for ASSIST using FTP, but messages can be sent via Milnet e-mail to assist@assist.mil. Milnet users can access the system by FTPing to Milnet address ftp.assist.mil (IP 199.211.123.12), and entering anonymous as the user ID and their e-mail address as the password. If the user sees the message "421 Connection refused by remote host", ftp.assist.mil did not resolve the incoming address as a .mil. If the user sees the message "Connection timed out", ftp.assist.mil could not determine whether or not the incoming address was a .mil in the allotted time. Our FTP site will attempt to resolve the incoming FTP address via DNS. If this fails, then our server will try to match the incoming FTP address with the NIC's database. You must be using a system with a .mil address to access our FTP site. If you still have trouble accessing our site, call our hotline for help. Users attempting to access our site from a 3b2 system need to call our hotline so we can disable our banners. In addition, certain Windows NT clients have been known to cause problems. In either case, call our hotline so we can make the appropiate changes so you can access our system. To access the ASSIST anonymous FTP system: Connected to ftp.assist.mil. 220- 220-USE OF THIS OR ANY OTHER DEPT. OF DEFENSE INTEREST COMPUTER SYSTEM 220-(DODICS) CONSTITUTES AN EXPRESS CONSENT TO MONITORING AT ALL TIMES. 220-THIS DODICS AND ALL RELATED EQUIPMENT ARE TO BE USED FOR THE 220-COMMUNICATION, TRANSMISSION, PROCESSING, AND STORAGE OF OFFICIAL U.S. 220-GOVERNMENT OR OTHER AUTHORIZED INFORMATION ONLY. ALL DODICS ARE 220-SUBJECT TO MONITORING AT ALL TIMES. IF MONITORING OF ANY DODICS 220-REVEALS POSSIBLE VIOLATION OF CRIMINAL STATUTES, ALL RELEVANT 220-INFORMATION MAY BE PROVIDED TO LAW ENFORCEMENT OFFICIALS. 220- 220-This server is restricted to DNS registered *.MIL sites. 220- 220-If you do experience service problems, contact: 220-ASSIST at 1-800-357-4231 or ASSIST@assist.mil 220- 220 info FTP server (Version wu-2.4(2) Tue Sep 13 14:47:23 EDT 1994) ready. Name (ftp.assist.mil:): * Then type: anonymous * System will then display: 331 Guest login ok, send your complete e-mail address as password. Password: * Then type: The anonymous FTP resource is a Unix system. Type: ls -l to list the files in a directory, and cd to change from the current directory to another directory called directory-name. To download a file, type: get to download a file identified as file-name. The default file type is ASCII. If you are downloading a binary file (i.e. an executable or encrypted), change to binary mode first by typing: binary To change back to ASCII, type: ascii After a successful login, a directory listing (ls -l) will show the following: - -rw-r--r-- 1 root 1543 Jan 14 20:22 .login.msg lrwxrwxrwx 1 root 16 Jul 19 1996 army.toolbox -> pub/army.toolbox - -rw-r--r-- 1 root 803 Aug 7 1995 assist.pgp d--x--x--x 2 root 512 Apr 15 1996 bin drwxr-sr-x 2 root 512 Jul 17 1996 dev d--x--s--x 2 root 512 Dec 17 1993 etc drwxrws-wx 5 root 1024 Mar 6 02:45 incoming drwxrws--x 8 root 512 Feb 18 22:27 outgoing drwxrwsr-x 10 root 512 Mar 4 23:43 pub 226 Transfer complete. remote: -l 513 bytes received in 0.066 seconds (7.6 Kbytes/s) Next, change directory to pub (cd pub) where a directory listing (ls -l) will show the following. NOTE: Each directory has a .message file that contains file names and descriptions for that directory. dr-xr-sr-x 2 root 512 Mar 4 23:43 NCIS drwxrwsr-x 5 root 512 Feb 6 18:39 antivirus drwxrwsr-x 4 root 512 May 17 1996 army.toolbox drwxrwsr-x 9 root 512 Sep 21 16:59 bulletins drwxrwsr-x 3 root 512 Jul 18 1996 ciss drwxrwsr-x 2 root 1024 Aug 6 1996 dos_utils drwxrwsr-x 10 root 512 Dec 11 22:01 info - -rw-rw-r-- 1 root 635 May 14 1996 readme.1st drwxrwsr-x 19 root 512 Dec 18 17:56 tools 226 Transfer complete. remote: -l 498 bytes received in 0.0069 seconds (71 Kbytes/s) Directories of interest include: Directory /pub/NCIS/: Utility provided by NCIS to scan your system for objectionable images and sound files. Part of "Protecting your Children in Cyberspace initiative." Directory /pub/antivirus/: Several up to date antivirus programs including IBMAV and Norman AV. Directory /pub/bulletins/: ASSIST Security Bulletins sorted by year. Directory /pub/dos_utils/: General DOS based tools Directory /pub/info/: General Information including CHIPS Navy computer security newletters, NIST bulletins, and various policy documents. Directory /pub/tools/: Security tools for various hardware/software platforms. Included are subdirectories for Digital Encryption Standard (DES) software, The Security Profile Inspector (SPI) for UNIX (in encrypted form, DES key available from ASSIST), and the Security Products Database Read Only Catalog (SPD/ROC). _____________________________________________________________________ WORLD WIDE WEB SITE Our Web site has undergone a significant face lift and is easier to use than ever. Set you browser to open: "http://www.assist.mil". Our Web site provides the DOD community with an easy to use and useful interface for accessing our archived bulletins, antivirus software, security tools, as well as links to other sites that might be useful. This is also the easiest way to interface our FTP site. While our web site is not restricted to the DOD community, many of the tools than are available on the site are. Thus if you have trouble downloading some of the software, see the above section concerning our FTP site restrictions. The same restrictions apply to any software downloaded from our web site. _____________________________________________________________________ SECURITY BULLETINS INFORMATION Our security bulletins are the best way that we can alert the DOD community of time sensitive security alerts. They may contain virus alerts, newly announced vulnerabilities and fixes, as well as other useful information. Our bulletins are not released on a fixed schedule, but instead as the need arises. We encourage any DOD personnel responsible for maintaining the integrity of a DOD information system to subscribe to our mailing list so that our information may reach the widest audience possible as quickly as possible. To subscribe: send mail to assist-request@assist.mil with the word SUBSCRIBE followed by the e-mail address that you wish the bulletins to go to. _____________________________________________________________________ CONTACT INFORMATION The ASSIST Hotline is manned 24 hours a day 7 days a week. We may be contacted at (800) 357-2431 (Comm) or 327-4700 (DSN) or mail can be sent to assist@assist.mil. Secure communication is also available upon request. <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ASSIST is an element of the Defense Information Systems Agency (DISA), Countermeasures, which provides service to the entire DoD community. Constituents of the DoD with questions about ASSIST or computer security issues, can contact ASSIST using one of the methods listed below. Non-DoD organizations/institutions, contact the Forum of Incident Response and Security Teams (FIRST) representative. To obtain a list of FIRST member organizations and their constituencies send an email to docserver@first.org with an empty "subject" line and a message body containing the line "send first-contacts". ASSIST Information Resources: To be included in the distribution list for the ASSIST bulletins, send your Milnet (Internet) e-mail address to assist-request@assist.mil. Back issues of ASSIST bulletins, and other security related information, are available from the ASSIST BBS at 703-607-4710, 327-4710, and through anonymous FTP from ftp.assist.mil (IP address 199.211.123.12). Note: ftp.assist.mil will only accept anonymous FTP connections from Milnet addresses that are registered with the NIC or DNS. If your system is not registered, you must provide your MILNET IP address to ASSIST before access can be provided. ASSIST Contact Information: PHONE: 800-357-4231 (or 703-607-4700 DSN 327), duty hours are 24 hours a day, 7 days a week, 365 days a year. ELECTRONIC MAIL: Send to assist@assist.mil. ASSIST BBS: Leave a message for the "sysop". ASSIST uses Pretty Good Privacy (PGP) as the digital signature mechanism for bulletins. PGP incorporates the RSAREF(tm) Cryptographic Toolkit under license from RSA Data Security, Inc. A copy of that license is available via anonymous FTP from net-dist.mit.edu (IP 18.72.0.3) in the file /pub/PGP/rsalicen.txt. In accordance with the terms of that license, PGP may be used for non-commercial purposes only. Instructions for downloading the PGP software can also be obtained from net-dist.mit.edu in the pub/PGP/README file. PGP and RSAREF may be subject to the export control laws of the United States of America as implemented by the United States Department of State Office of Defense Trade Controls. The PGP signature information will be attached to the end of ASSIST bulletins. Reference herein to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by ASSIST. The views and opinions of authors expressed herein shall not be used for advertising or product endorsement purposes. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBMzCObdH6sbnW3Io9AQG4HgQAsKmTIUkcByeW4fUz02GiEPeMc0RC8xPY buup4V51nnIWgKaAy7X2xTnoIxA2iQ4clc9N+ef9dzGiv9NWxSTZSL+1ATMKTadi iSl6Q1rDsmEz8IGBLk+f5sXt31fZ+SNbIKCW6bFcgOgeUBEquLM4QgmoOjaaQjsz Ecgexdhj/PA= =hP+d -----END PGP SIGNATURE----- **************************************************************************** * * * The point of contact for NIPRNET security-related incidents is the * * ASSIST: * * * * E-mail address: ASSIST@ASSIST.MIL * * * * Telephone: 1-(800)-357-4231 (24 hours/day) * * * * You may also contact the Security Coordination Center (SCC) at the * * NIC: * * * * E-mail address: SCC@NIC.MIL * * * * Telephone: 1-(800)-365-3642 * * * * NIC Help Desk personnel are available from 7:00 a.m.-7:00 p.m. EST, * * Monday through Friday except on federal holidays. * * * **************************************************************************** PLEASE NOTE: Some users outside of the DOD computing communities may receive DISN Security Bulletins. If you are not part of the DOD community, please contact your agency's incident response team to report incidents. Your agency's team will coordinate with DOD. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained by sending email to docserver@first.org with an empty subject line and a message body containing the line: send first-contacts. This document was prepared as an service to the DOD community. Neither the United States Government nor any of their employees, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government. The opinions of the authors expressed herein do not necessarily state or reflect those of the United States Government, and shall not be used for advertising or product endorsement purposes.