CISE Help & Resources
Secure Access Case Studies
CISE has been the victim of sniffer attacks from both ends of the connection, that is, on our own network, as well as on remote networks.
CISE Net: June 1998: it was discovered that an intruder had broken into one of the machines on the CISE network and was in the middle of launching a Denial of Service (DoS) attack against a remote site.
After further investigation, it was found that the intruder had set up a network sniffer and had captured the passwords of about 40 CISE users. The admins were fortunate enough to find a log of each user whose password had been discovered, meaning that only those users were required to change their passwords. If the log file had not been found, all users would have been required to change their passwords. (Unfortunately, it was never discovered how the intruder broke in to begin with.)
Had the intruder been unable to sniff users' passwords, the damage could have been limited to the initially compromised account.
Remote Net: January 1999: another intruder was discovered to have broken into the CISE net. After the initial investigation, it was found that the compromised account had been accessed from a remote network just prior to the initial break-in.
The admins of the remote network were contacted, and it was discovered that a machine on their network was compromised. The intruder had set up a sniffer there to capture both incoming and outgoing passwords, and was able to capture the username and password of a CISE account. Fortunately, the intruder was discovered before any serious harm could result.
Once again, however, if a secure method of remote login had been used, this break-in could have been avoided.