Số đo lường của địa chỉ IP được tìm thấy trên số tiềm năng của mạng nội bộ của máy chủ được xác định bởi danh sách "được biết đến" mạng nội bộ khối CIDR. Một số công ty phân bổ không gian của họ đạm bạc hơn hơn những người khác, có thể dễ dàng quản lý mạng và | 296 An Evening with Berferd Figure Connections to the Jail. Two logs were kept per session one each for input and output. The logs were labeled with starting and ending times. The Jail was hard to set up. We had to get the access times in dev right and update utmp for Jail users. Several raw disk files were too dangerous to leave around. We removed ps who w netstat and other revealing programs. The login shell script had to simulate login in several ways see Figure . Diana D Angelo set up a believable file system this is very good system administration practice and loaded a variety of silly and templing files. Paul Glick got the utmp stuff working. A little later Berferd discovered the Jail and rattled around in it. He looked for a number of programs that we later learned contained his favorite security holes. To us the Jail was not very convincing but Berferd seemed to shrug it off as part of the strangeness of our gateway. Tracing Berferd Berferd spent a lot of time in our Jail. We spent a lot of time talking to Stephen Hansen the system administrator at Stanford. Stephen spent a lot of lime trying to get a trace. Berferd was attacking us through one of several machines at Stanford. He connected to those machines from a terminal server connected to a terminal server. He connected to the terminal server over a telephone line We checked the times he logged in to make a guess about the time zone he might be in. Figure shows a simple graph we made of his session start times PST . It seemed to suggest a sleep period on the East Coast of the United States but programmers are noted for strange hours. This Tracing Berferd 29 setupsucker login SUCKERROOT usr spool hacker login echo CDEST cut -f 4 -d extract login from service name home egrep login SSUCKERROOT etc passwd cut -d -f6 PATH v bsd43 sv export PATH HOME home export HOME USER login export USER SHELL v sh export SHELL unset CSOURCE CDEST hide these Datakit strings get the tty and pid to set up .