Mailing List Logs for ShadowRN

Message no. 1
From: Mike Goldberg <michael.goldberg@*******.COM>
Subject: System logs....
Date: Wed, 30 Oct 1996 13:07:57 MST
***** Private: Serenity Deckers
>>>>>[ Ugly. Pure and utterly ugly. I suspect Ratspeak was just used as a
lure. You just had a decker get stomped at the gate of your node. I just
discovered a small weakness they may be able to eventually exploit. If
they can figure out the identities for getting in but get the entry process
only somewhat wrong, a decker gets notified, but the wrong person doesn't
get booted from the system. Between the time the decker gets notified and
gets to the node in question, the decker, if he is real good, can skate
the first node.

(This analysis was done on a non-alert system that I developed for someone
else.) I won't go into how you exploit this deficiency. But if you see
what looks like a hung user that failed to log in, you might want to kick
the system up to full alert (system load should dump the hung user) and
carefully scan adjacent nodes. With your setup, and typical response
times, if they are real good they could be two away. More likely they are
next node. To be safe, I would station a frame in the nodes you think it
is reasonable that they might have reached. Assuming you don't find them,
scan thoroughly through your system, leaving the frames there to look for
any unusual activity.

We should have a fix for this deficiency by the COB Thursday if not sooner.
Depends on how long it takes to regression test it. We want to use Thursday
for each of us to take a crack at skating the ice at each of the alert
levels. ]<<<<<
-- Scourge <13:05:53/10-30-57>

Disclaimer

These messages were posted a long time ago on a mailing list far, far away. The copyright to their contents probably lies with the original authors of the individual messages, but since they were published in an electronic forum that anyone could subscribe to, and the logs were available to subscribers and most likely non-subscribers as well, it's felt that re-publishing them here is a kind of public service.