pad2pad
Packet-switched Networks
Security Begins with Configuration
On many networks users have the ability to connect to the
packet assembler/disassembler (PAD) of the network dial-ups.
This has led to significant problems in the past.
In the mid-1980s, two American hackers were exploring the
German packet network DATEX-P. One connected to a host in
Berlin and was immediately disconnected by the remote site.
Before the hacker could react, the German host connected to
the NUA corresponding to his Sprintnet PAD and sent him a
login prompt. This alarmed the hacker greatly, as he assumed
that the proprietors of the German host had somehow noticed
his attempt to access their system. He contacted his partner
and told him of the occurrence. The two concluded that since
the NUA of the origination point is sent in the packet-header,
the remote site must have been programmed to recognize the NUA and
then return the call. The fact that it had returned a call to a
public PAD was intriguing to the pair, so they decided to
attempt to recreate the event by calling each other. Both
individuals connected to the network and one entered the NUA
corresponding to the other's PAD. A connection resulted and
the two were able to interact with one another. They then
decided that they would periodically meet in this fashion and
discuss their findings from Germany. At the time of the next
meeting, the connection did not occur as planned. One hacker
quickly received a telephone call from the second who
exclaimed rather excitedly that he had attempted to connect
to his partner as planned, but accidentally connected to
another PAD and intercepted a legitimate user typing his NUI.
Further investigation proved that one could connect to public
PADs during the idle period when the user was in network
mode, prior to making a connection to a remote site. This
discovery was intended to remain secret, because of its
extremely dangerous applications. Nevertheless, word of this
discovery soon reached the entire hacker community and what
came to be known as "PAD to PAD" was born.
The "PAD to PAD" technique became so widespread that hackers
were soon writing software to intercept data, emulate
hosts, and capture login names and passwords from unsuspecting
network users. Hackers were intercepting thousands of calls
every day from users connecting to systems ranging from
banking and credit to the Fortune 500 to government sites.
After nearly two years of "PAD to PAD", Sprintnet became
alerted to the crisis and disallowed all connections to
public PADs. When Sprintnet expanded its service overseas,
they once again left access to the overseas PADs
unrestricted. The problem went unnoticed again until
their attention was brought to it by a hacker who called
Sprintnet security and told them that they ought to fix it
quickly before it became as widespread as before.
The problem was resolved much more quickly this time.
This particular technique was not limited to Sprintnet. All
networks using the Telenet software are at risk of this type
of manipulation. This type of network manipulation was
integral to the recent compromise of a large Bell Company's packet
network in a much-publicized case. Certain foreign
networks in countries such as Israel, England, Chile, Panama,
Peru and Brazil are also at risk.

