************************************************************************** Security Bulletin 9803 DISA Defense Communications System February 4, 1998 Published by: DISN Security Coordination Center (SCC@NIC.MIL) 1-(800) 365-3642 DEFENSE INFORMATION SYSTEM NETWORK SECURITY BULLETIN The DISN SECURITY BULLETIN is distributed by the DISN SCC (Security Coordination Center) under DISA contract as a means of communicating information on network and host security exposures, fixes, and concerns to security and management personnel at DISN facilities. Back issues may be obtained via FTP from NIC.MIL [207.132.116.5] using login= "anonymous" and password="guest". The bulletin pathname is scc/sec-yynn (where "yy" is the year the bulletin is issued and "nn" is a bulletin number, e.g. scc/sec-9705.txt). These are also available at our WWW site, http://nic.mil. ************************************************************************** + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + ! ! ! The following important advisory was issued by the Automated ! ! Systems Security Incident Support Team (ASSIST) and is being ! ! relayed unedited via the Defense Information Systems Agency's ! ! Security Coordination Center distribution system as a means ! ! of providing DISN subscribers with useful security information. ! ! ! + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + -----BEGIN PGP SIGNED MESSAGE----- <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Automated Systems Security Incident Support Team _____ ___ ___ _____ ___ _____ | / /\ / \ / \ | / \ | | / Integritas / \ \___ \___ | \___ | | < et /____\ \ \ | \ | | \ Celeritas / \ \___/ \___/ __|__ \___/ | |_____\ <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Bulletin 98-01 Release date: February 3, 1998 Subject: ASSIST Information Resources. To facilitate the timely distribution of security-relevant information to DoD sites worldwide, ASSIST provides: 1. An electronic bulletin board system (BBS) 2. An anonymous File Transfer Protocol (FTP) system 3. A web site (WWW) 4. A mailing list with up to date security related bulletins This ASSIST bulletin provides information about the services that we offer the DOD community and how to access them. Please call the ASSIST Hotline at either 1-800-357-4231 (Comm) or 327-4700 (DSN) or send mail to assist@assist.mil, when encountering any difficulty accessing our BBS, FTP, or WWW site. _________________________________________________________________ ASSIST BBS The ASSIST BBS is a dial-up system that can be reached via modem at 703-607-4710, DSN 327. The BBS is an open system, and users will be prompted to set up an account during the initial call to the system. The vast majority of the files are available for unrestricted viewing and downloading by any user of the BBS. The antivirus file areas are restricted to access by users who have been verified as being DoD affiliated personnel. The verification process is required to fulfill terms of the licensing agreement with Norton and McAfee for use of their AV software. The BBS is currently maintained with the latest version of the antivirus software. However, the BBS has been used very infrequently in the past few months, and support for it may disappear in the coming months. If you have a serious mission requirement for the BBS, please send us email (assist@assist.mil). ASSIST verifies DoD affiliation by performing a call back to a DSN phone number provided by the person making the request, or through some other arrangement. Once verified, access is granted to the antivirus file area by an ASSIST BBS system administrator. Users who have questions or problems while on the BBS should go to the "Message Menu" and leave a message for "sysop". To login to the ASSIST BBS you will need: * Personal Computer (PC). * Modem (baud rates up to 28.8 are supported). * Communications software such as Procomm, Procomm+, Smartcom II or III, Crosstalk, etc. * Communication software settings should be: - Data bits: 8 - Stop bits: 1 - Parity: None - Duplex: Full - Terminal emulation: ANSI, VT series or IBM PC are the most common. * File download/upload protocols supported include xmodem, zmodem, ymodem, and ASCII. After you connect to the BBS the first time, the software will prompt you for the necessary input to set up an account. _________________________________________________________________ ANONYMOUS FTP SITE ASSIST has an anonymous FTP system that is available to every DoD system registered with the Defense Data Network (DDN) Network Information Center (NIC), or local Domain Name Server (DNS). The FTP file system is identical to that of the BBS with a few minor exceptions. Messages cannot be left for ASSIST using FTP, but messages can be sent via Unclassified (but Sensitive) Internet Protocol Routing Network (NIPRNET) e-mail to assist@assist.mil. NIPRNET users can access the system by FTPing to NIPRNET address ftp.assist.mil (IP 199.211.123.12), and entering anonymous as the user ID and their e-mail address as the password. If the user sees the message "421 Connection refused by remote host", ftp.assist.mil did not resolve the incoming address as a .mil. If the user sees the message "Connection timed out", ftp.assist.mil could not determine whether or not the incoming address was a .mil in the allotted time. Our FTP site will attempt to resolve the incoming FTP address via DNS. If this fails, then our server will try to match the incoming FTP address with the NIC's database. You must be using a system with a .mil address to access our FTP site. If you still have trouble accessing our site, call our hotline for help. Users attempting to access our site from a 3b2 system need to call our hotline so we can disable our banners. In addition, certain Windows NT clients have been known to cause problems. In either case, call our hotline so we can make the appropriate changes so you can access our system. Directories of interest include: Directory /pub/antivirus/: Several up to date antivirus programs including Symantec's Norton AV and McAfee AV software. Directory /pub/bulletins/: ASSIST Security Bulletins sorted by year. Directory /pub/dos_utils/: General DOS based tools Directory /pub/info/: General Information including CHIPS Navy computer security newsletters, NIST bulletins, and various policy documents. Directory /pub/tools/: Security tools for various hardware/software platforms. Included are subdirectories for Digital Encryption Standard (DES) software, The Security Profile Inspector (SPI) for UNIX (in encrypted form, DES key available from ASSIST), and the Network Intrusion Detector (NID) _________________________________________________________________ WORLD WIDE WEB SITE Our Web site has undergone a significant face lift and is easier to use than ever. Set you browser to open: "http://www.assist.mil". Our Web site provides the DOD community with an easy to use and useful interface for accessing our archived bulletins, antivirus software, security tools, as well as links to other sites that might be useful. Using the web is also the easiest way to interface to our FTP site, just type "ftp://ftp.assist.mil". While our web site is not restricted to the DOD community, we do restrict access to many of the tools that are available on our site. If you have trouble downloading software please refer to the above section, "ANONYMOUS FTP SITE". The same restrictions apply to any software downloaded from our web site. _________________________________________________________________ SECURITY BULLETINS INFORMATION Our security bulletins are the best way that we can alert the DOD community of time sensitive security alerts. They may contain virus alerts, newly announced vulnerabilities and fixes, as well as other useful INFOSEC information. Our bulletins are not released on a fixed schedule, but instead as the need arises. We encourage any DOD personnel responsible for maintaining the integrity of a DOD information system to subscribe to our mailing list so that our information may reach the widest audience possible as quickly as possible. To subscribe: send mail to assist-request@assist.mil with the word SUBSCRIBE in the text of the message followed by the e-mail address that you wish the bulletins to go to. <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ASSIST is an element of the Defense Information Systems Agency (DISA), Global Operations and Security Center (GOSC), which provides service to the entire DoD community. Constituents of the DoD with questions about ASSIST or computer security issues, can contact ASSIST using one of the methods listed below. Non-DoD organizations/institutions, contact the Forum of Incident Response and Security Teams (FIRST) representative. To obtain a list of FIRST member organizations and their constituencies send an email to docserver@first.org with an empty "subject" line and a message body containing the line "send first-contacts". ___________________________ ASSIST CONTACT INFORMATION: E-mail: assist@assist.mil Phone: (800)-357-4231 (DSN 327-4700) 24 hour hotline Fax: (703) 607-4735 (DSN 327-4735) Unclassified ASSIST Bulletins, tools and other security related information are available from http://www.assist.disa.smil.mil/ http://www.assist.mil/ ftp://ftp.assist.mil/ To be added to our mailing list for ASSIST bulletins, send your e-mail address to: assist-request@assist.mil In the subject line, type: SUBSCRIBE your-email-address ___________________________________ OTHER DOD CERT CONTACT INFORMATION: Air Force CERT Phone: (800) 854-0187 Air Force CERT Email: afcert@afcert.csap.af.mil Navy CIRT Phone: (800) 628-8893 Navy CIRT Email: navcirt@fiwc.navy.mil Army CERT Phone: (888) 203-6332 Army CERT Email: acert@vulcan.belvoir.army.mil _________________ ASSIST BULLETINS: Back issues of ASSIST bulletins, and other security related information, are available from the ASSIST BBS at 703-607-4710, 327-4710, and through anonymous FTP from ftp.assist.mil (IP address 199.211.123.12). Note: ftp.assist.mil will only accept anonymous FTP connections from Milnet addresses that are registered with the NIC or DNS. If your system is not registered, you must provide your MILNET IP address to ASSIST before access can be provided. ASSIST uses Pretty Good Privacy (PGP) as the digital signature mechanism for bulletins. PGP incorporates the RSAREF(tm) Cryptographic Toolkit under license from RSA Data Security, Inc. A copy of that license is available via anonymous FTP from net-dist.mit.edu (IP 18.72.0.3) in the file /pub/PGP/rsalicen.txt. In accordance with the terms of that license, PGP may be used for non-commercial purposes only. Instructions for downloading the PGP software can also be obtained from net-dist.mit.edu in the pub/PGP/README file. PGP and RSAREF may be subject to the export control laws of the United States of America as implemented by the United States Department of State Office of Defense Trade Controls. The PGP signature information will be attached to the end of ASSIST bulletins. Reference herein to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by ASSIST. The views and opinions of authors expressed herein shall not be used for advertising or product endorsement purposes. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBNNebM9H6sbnW3Io9AQGRNQP+JRwmVaBhHxREQIoeCrn5rWHO3PAjTCFQ FBzr8R7k0J6DWt4KGXY3b4gBXSKqXBc/ZwuEsyHebqqKVqPKOTPJLdHA83+Kvr4o CoiiX/eP2yxm+2SEX23h9BC6cdjzKHrHmNb3AAgZEwUmhCTINnNWsUcCGEuPLUdr iJz7hbKkhpU= =AfyF -----END PGP SIGNATURE----- **************************************************************************** * * * The point of contact for NIPRNET security-related incidents is the * * ASSIST: * * * * E-mail address: ASSIST@ASSIST.MIL * * * * Telephone: 1-(800)-357-4231 (24 hours/day) * * * * You may also contact the Security Coordination Center (SCC) at the * * NIC: * * * * E-mail address: SCC@NIC.MIL * * * * Telephone: 1-(800)-365-3642 * * * * NIC Help Desk personnel are available from 7:00 a.m.-7:00 p.m. EST, * * Monday through Friday except on federal holidays. * * * **************************************************************************** PLEASE NOTE: Some users outside of the DOD computing communities may receive DISN Security Bulletins. If you are not part of the DOD community, please contact your agency's incident response team to report incidents. Your agency's team will coordinate with DOD. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained by sending email to docserver@first.org with an empty subject line and a message body containing the line: send first-contacts. This document was prepared as an service to the DOD community. Neither the United States Government nor any of their employees, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government. The opinions of the authors expressed herein do not necessarily state or reflect those of the United States Government, and shall not be used for advertising or product endorsement purposes.