Case #3 (2 of 3): Entering and Breaking
1130-2201: LANs in Pentagon, DISA, and Norfolk fail. Network
saturation causes firewall failures; NT mail servers and file
servers “blue screen”. Routine office communications
between Joint Staff and CONUS CINCs fail.
1403-1505: Over 150 SGI computers were found running the bmb
program (33 at DISA, 98 in Pentagon, and 29 in Norfolk).
All running under the lp, demos, or guest accounts (accounts
did not have passwords).
1505-2201: Failures continue. Packet bombs from random addresses are
attacking NT assets. Several machines within DISA and
Pentagon have been identified as the source. Root access was
compromised. Tracing of masqueraded packet bombs is
slow. At 2202 THREAT CONDITION Bravo set. Three days later
THREAT CONDITION Bravo is cancelled.