Sun Workstations and Servers: Beware of Hackers! By C. Y. Kwok

Huge volume of outgoing Internet traffic, amounting to over 5 Gigabytes per hour, was recorded between 28 September and 5 October 1999, resulting in slow Internet responsiveness during the period and the University was subject to a charge for jeopardising the shared HARNET Internet link.

Four SUN workstations were identified having contributed to such traffic. These workstations are believed to have been compromised by an unknown hacker and used for launching attacks against some Internet sites. Presumably these were some sort of denial-of-service attacks in which the remote systems (victims) were bombarded with heavy incoming traffic in order to cripple or bring down their services. Even though the four SUN workstations were also victims (for being hijacked) themselves in this case, they are nevertheless legally liable for any damage (such as losses in bandwidth, cpu, data, service, business, etc.) caused to the remote systems.

The number of systems on the CTNET-II having been compromised by the same hacker or other hackers might not be limited to the above-mentioned four SUN workstations. Whoever in possession of any Unix system or Windows-based servers (Windows PC providing services) are strongly advised to check their own systems for security loopholes. Please take note of the following points when doing so:

Ensure all passwords are well protected. Lock the machine in a secure place to avoid unauthorized access Upgrade the operating system to the latest version, if possible Make sure all security patches for the systems software as well as any applications software running on the system have been applied. A good place to look for such information is http://www.cert.org/ Do not enable or start up services which are not required on the system. Services provide holes for hacking by hackers. Always shutdown the system when it is not in use. Shutdown or disconnect the system when it is believed to have been hacked so that it can not be accessed by the hacker again. Disable or remove unnecessary account

Further recommendations can be found in our published “General Security Guidelines for Administering UNIX Systems” at http://www.cityu.edu.hk/csc/stafflan/csc3-security-guidline.htm.