[nsp-sec] Scans from Columbia University CS department

Smith, Donald Donald.Smith at qwest.com
Thu Jun 25 11:46:49 EDT 2009 


Donald.Smith at qwest.com gcia 

> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net 
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of 
> Joel Rosenblatt
> Sent: Thursday, June 25, 2009 9:19 AM
> To: nsp-security at puck.nether.net
> Subject: [nsp-sec] Scans from Columbia University CS department
> 
> ----------- nsp-security Confidential --------
> 
> Hi everyone,
> 
> In case you notice some low level scans on your network of 
> port 21 and 23 from machines named 
> hacktory(xx).cs.columbia.edu, they are running an experiment 
> looking for vulnerable routers.
What do you mean by low level scans?

How are they identifying vulnerable routers?

Is this telnet and password guessing?

If so your in violation of your own AUP:)


http://www.columbia.edu/cu/policy/network_use.html
1. Unauthorized attempts to gain privileged access or access to any account or system not belonging to you on any University system are not permitted. 

6. No University system or network may be used as a vehicle to gain unauthorized access to other systems. 

Honestly I am interested in the results but suspect this may be illegal depending on the answers to qwestions above:)


> 
> Please let me know if you think that this is a very bad idea 
> - I will pass along any (sanitized) comments - or you can 
> send email to ids at cs.columbia.edu 
> directly :-)
> 
> This has been going on for about 3 months now.
> 
> Thanks,
> Joel Rosenblatt
> 
> Joel Rosenblatt, Manager Network & Computer Security
> Columbia Information Security Office (CISO)
> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> http://www.columbia.edu/~joel
> 
> 
> See <http://hacktory03.cs.columbia.edu/>
> 
> Project Details
> 
> The router vulnerability assessment initiative is part of a 
> study conducted by the Intrusion Detection Laboratory at 
> Columbia University.
> 
> The intention of the project is to scan for and catalog 
> common vulnerabilities and misconfigurations found among home routers.
> 
> The project will not record or access personal information, 
> nor will it launch any type of malicious attack against the 
> target devices.
> 
> Upon the conclusion of the project, the general findings will 
> be published in a scientific paper, and will be furnished to 
> the relevant internet service 
> providers.
> 
> If you are interested in this project or would like to opt 
> out of this study, please contact us at:
> 
> ids[at]cs[dot]columbia[dot]edu
> 
> 
> 
> Joel Rosenblatt, Manager Network & Computer Security
> Columbia Information Security Office (CISO)
> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> http://www.columbia.edu/~joel
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the 
> nsp-security
> community. Confidentiality is essential for effective 
> Internet security counter-measures.
> _______________________________________________
> 
>

More information about the nsp-security mailing list