From: | James Dening james.dening@****.co.uk |
---|---|
Subject: | Error Report |
Date: | Tue, 10 Oct 2000 13:58:40 +0100 |
>>>>>[Errorlog activated:
Error 0x2030. Priority 1. 'Invalid Time/Date stamp'
Moniker 'Seraph'. TD <(*#:5d:##/6&-^4-*&>.
Node trace:
0x00001068 ('GridSecSvr0007)
0x1a4011c8 ('RegServer148')
0x142511b0 ('Drimacus')
0x14250e40 (Unnamed)
Error 0x0010. Priority 3. 'Physical Connection broken.'
]<<<<<
-- SecDaemon <06:52:23/10-10-61>
Regional Server 148
GridSec, Inc.
*****INTERNAL: Robert Frakes, Gridsec Security.
>>>>>[Sir, I thought you'd want to see this:
+++++include message
Someone's cracked the new TD code. They haven't been able to
spoof it fully, just scramble it. It looks like they're overwriting garbage
onto the TD stamp, which is pretty easy. However, our system should
reject any message that doesn't have an authentic TD stamp - it's only
the message spawning subsystem that permits unstamped messages,
and that only applies to new messages, not ones that have been in
the system for several minutes.
As you can see, we were on it quick enough to try a trace, but
we hit a standard cutout. I think our best line on this one is to
try and figure out how they're breaking the TD stamp.
I'll have a think about it. In theory, this simply *shouldn't* work.]<<<<<
-- Bill Hickson <06:58:21/10-10-61>
Security Duty Monitor
GridSec, Inc.