Path: utzoo!attcan!uunet!husc6!linus!mbunix!dsg From: dsg@mitre-bedford.ARPA (David S. Goldberg) Newsgroups: comp.protocols.tcp-ip Subject: Re: Virus - did it infect "secure" machines Keywords: Kerebos Message-ID: <41831@linus.UUCP> Date: 15 Nov 88 17:00:22 GMT References: <1792@sbcs.sunysb.edu> <170@heart-of-gold> Sender: news@linus.UUCP Reply-To: dsg@mbunix (Goldberg) Organization: The MITRE Corporation, Bedford, Mass. Lines: 32 In article <170@heart-of-gold> jc@heart-of-gold (John M Chambers) writes: >> >You should be a bit wary of accepting the answers. I personally know of >several MilNet systems that were infected, but the public answer from their >administrators is "Of course not!" Ask yourself: Why should they tell the >truth? I suspect that nobody (not even those in security agencies) will >ever know how widespread the infection really was. Considering that no >real damage was done, it's very easy to cover up an infection and pretend >it never happened. > >-- >From: John Chambers John, It is not the case that all MILnet hosts are denying that they were affected. Mbunix (MITRE's corporate Ultrix systems for those of you who are not with MITRE) was attacked, although the worm didn't replicate itself there (ie the connections were made, but symptoms never felt), and at least one local Sun network was infected. I even spoke to a reporter about it, so I know that we are not denying anything about being hit. If the question is whether or not machines containing classified info were hit, then the answer is probably no, because (granted, as I understand it) those machines are not even allowed on MILnet or any other wide network. -dave -------------------------------------------------------------------------- Dave Goldberg ARPA: dsg@mitre-bedford.arpa The Mitre Corporation or dsg@mbunix.mitre.org MS B020 UUCP: linus!mbunix!dsg Bedford, MA 01730 617-271-2460