The Center for Education and Research in Information Assurance and Security, or CERIAS, is the world's foremost University center for multidisciplinary research and education in areas of information security. Our areas of research include computer, network, and communications security as well as information assurance.

This site's design is only visible in a graphical browser that supports web standards, but its content is accessible to any browser or Internet device. (Why?)

Center for Education and Research in Information Assurance and Security

COAST Security Archive Logo Category Index: /pub/doc/true_stories

No Pointing!

This WWW page was generated automatically. Link makers should not point their links to this page. If you must, please make a link to the search entry point.

Bill Cheswick, A Evening with BerFerd In Which a Cracker is Lured, Endured, and Studied
Abstract: This paper is chronicle of the crackers' "successes" and disappointments, the bait and traps used to lure and detect him, and the chroot "Jail" we built to watch his activities.

Steven M. Bellovin, There Be Dragons
Abstract: Our security gateway to the Internet,, provides only a limited set of services. Most of the standard servers have been replaced by a variety of trap programs that look for attacks. Using these, we have detected a wide variety of pokes, ranging from simple doorknob-twisting to determined assaults. The attacks range from simple attempts to log in as guest to forged NFS packets. We believe that many other sites are being probed but are unaware of it: the standard network daemons do not provide administrators with either appropriate controls and filters or with the logging necessary to detect attacks.

Fuat Baran, Howard Kaye, Margarita Suarez, Security Breaches: Five Recent Incidents at Columbia University
Abstract: During a two-month period (February through March, 1990) Columbia University was involved in five break-in incidents. This paper provides a detailed account of each incident as well as what steps we took,both short-term and long-term, to reduce the likelihood of future incidents.

Anatoly Ivasyuk, Unix Admin. Horror Story Summary
Abstract: This is version 1.0 of the unofficial "Unix Administration Horror Story Summary". This is a summary of the "Unix Administration Horror Stories" thread which was seen in comp.unix.admin in October '92.

Christopher Klaus, A Guide to Internet Security: Becoming an Uebercracker and Becoming an UeberAdmin to stop Uebercrackers.
Abstract: This is a paper will be broken into two parts, one showing 15 easy steps to becoming a uebercracker and the next part showing how to become a ueberadmin and how to stop a uebercracker. A uebercracker is a term phrased by Dan Farmer to refer to some elite (cr/h)acker that is practically impossible to keep out of the networks.


O Built by Mark Crosbie and Ivan Krsul.

Security Archive Page Security Archive Homepage.

COAST Homepage COAST Project (CERIAS)Page.

Purdue CS Homepage Purdue CS Dept page. (COAST Security Archive)