%!PS-Adobe-2.0
%%Creator: dvips 5.490 Copyright 1986, 1992 Radical Eye Software
%%Pages: 16 1
%%BoundingBox: 0 0 612 792
%%EndComments
%DVIPSCommandLine: dvips -f -q
%%BeginProcSet: tex.pro
%!
/TeXDict 250 dict def TeXDict begin /N{def}def /B{bind def}N /S{exch}N /X{S N}
B /TR{translate}N /isls false N /vsize 11 72 mul N /@rigin{isls{[0 -1 1 0 0 0]
concat}if 72 Resolution div 72 VResolution div neg scale isls{Resolution hsize
-72 div mul 0 TR}if Resolution VResolution vsize -72 div 1 add mul TR matrix
currentmatrix dup dup 4 get round 4 exch put dup dup 5 get round 5 exch put
setmatrix}N /@landscape{/isls true N}B /@manualfeed{statusdict /manualfeed
true put}B /@copies{/#copies X}B /FMat[1 0 0 -1 0 0]N /FBB[0 0 0 0]N /nn 0 N
/IE 0 N /ctr 0 N /df-tail{/nn 8 dict N nn begin /FontType 3 N /FontMatrix
fntrx N /FontBBox FBB N string /base X array /BitMaps X /BuildChar{
CharBuilder}N /Encoding IE N end dup{/foo setfont}2 array copy cvx N load 0 nn
put /ctr 0 N[}B /df{/sf 1 N /fntrx FMat N df-tail}B /dfs{div /sf X /fntrx[sf 0
0 sf neg 0 0]N df-tail}B /E{pop nn dup definefont setfont}B /ch-width{ch-data
dup length 5 sub get}B /ch-height{ch-data dup length 4 sub get}B /ch-xoff{128
ch-data dup length 3 sub get sub}B /ch-yoff{ch-data dup length 2 sub get 127
sub}B /ch-dx{ch-data dup length 1 sub get}B /ch-image{ch-data dup type
/stringtype ne{ctr get /ctr ctr 1 add N}if}B /id 0 N /rw 0 N /rc 0 N /gp 0 N
/cp 0 N /G 0 N /sf 0 N /CharBuilder{save 3 1 roll S dup /base get 2 index get
S /BitMaps get S get /ch-data X pop /ctr 0 N ch-dx 0 ch-xoff ch-yoff ch-height
sub ch-xoff ch-width add ch-yoff setcachedevice ch-width ch-height true[1 0 0
-1 -.1 ch-xoff sub ch-yoff .1 add]{ch-image}imagemask restore}B /D{/cc X dup
type /stringtype ne{]}if nn /base get cc ctr put nn /BitMaps get S ctr S sf 1
ne{dup dup length 1 sub dup 2 index S get sf div put}if put /ctr ctr 1 add N}
B /I{cc 1 add D}B /bop{userdict /bop-hook known{bop-hook}if /SI save N @rigin
0 0 moveto /V matrix currentmatrix dup 1 get dup mul exch 0 get dup mul add
.99 lt{/FV}{/RV}ifelse load def pop}N /eop{SI restore showpage userdict
/eop-hook known{eop-hook}if}N /@start{userdict /start-hook known{start-hook}
if /VResolution X /Resolution X 1000 div /DVImag X /IE 256 array N 0 1 255{IE
S 1 string dup 0 3 index put cvn put}for 65781.76 div /vsize X 65781.76 div
/hsize X}N /p{show}N /RMat[1 0 0 -1 0 0]N /BDot 260 string N /rulex 0 N /ruley
0 N /v{/ruley X /rulex X V}B /V{}B /RV statusdict begin /product where{pop
product dup length 7 ge{0 7 getinterval dup(Display)eq exch 0 4 getinterval
(NeXT)eq or}{pop false}ifelse}{false}ifelse end{{gsave TR -.1 -.1 TR 1 1 scale
rulex ruley false RMat{BDot}imagemask grestore}}{{gsave TR -.1 -.1 TR rulex
ruley scale 1 1 false RMat{BDot}imagemask grestore}}ifelse B /FV{gsave
transform round exch round exch itransform moveto rulex 0 rlineto 0 ruley neg
rlineto rulex neg 0 rlineto fill grestore}B /a{moveto}B /delta 0 N /tail{dup
/delta X 0 rmoveto}B /M{S p delta add tail}B /b{S p tail}B /c{-4 M}B /d{-3 M}
B /e{-2 M}B /f{-1 M}B /g{0 M}B /h{1 M}B /i{2 M}B /j{3 M}B /k{4 M}B /w{0
rmoveto}B /l{p -4 w}B /m{p -3 w}B /n{p -2 w}B /o{p -1 w}B /q{p 1 w}B /r{p 2 w}
B /s{p 3 w}B /t{p 4 w}B /x{0 S rmoveto}B /y{3 2 roll p a}B /bos{/SS save N}B
/eos{SS restore}B end
%%EndProcSet
TeXDict begin 40258431 52099146 1000 300 300 @start /Fa 3 63
df<70F8F8F87005057C840D>58 D<000001C00000078000001E00000078000001E00000078000
000E00000038000000F0000003C000000F0000003C000000F0000000F00000003C0000000F0000
0003C0000000F0000000380000000E0000000780000001E0000000780000001E00000007800000
01C01A1A7C9723>60 D62 D E /Fb 28 118 df45 D<387CFEFEFE7C3807077C
8610>I<00180000780001F800FFF800FFF80001F80001F80001F80001F80001F80001F80001F8
0001F80001F80001F80001F80001F80001F80001F80001F80001F80001F80001F80001F80001F8
0001F80001F80001F80001F80001F8007FFFE07FFFE013207C9F1C>49 D<03FC000FFF003C1FC0
7007E07C07F0FE03F0FE03F8FE03F8FE01F87C01F83803F80003F80003F00003F00007E00007C0
000F80001F00003E0000380000700000E01801C0180380180700180E00380FFFF01FFFF03FFFF0
7FFFF0FFFFF0FFFFF015207D9F1C>I<00FE0007FFC00F07E01E03F03F03F03F81F83F81F83F81
F81F03F81F03F00003F00003E00007C0001F8001FE0001FF000007C00001F00001F80000FC0000
FC3C00FE7E00FEFF00FEFF00FEFF00FEFF00FC7E01FC7801F81E07F00FFFC001FE0017207E9F1C
>I<000070000000007000000000F800000000F800000000F800000001FC00000001FC00000003
FE00000003FE00000003FE00000006FF000000067F0000000E7F8000000C3F8000000C3F800000
183FC00000181FC00000381FE00000300FE00000300FE00000600FF000006007F00000E007F800
00FFFFF80000FFFFF800018001FC00018001FC00038001FE00030000FE00030000FE000600007F
000600007F00FFE00FFFF8FFE00FFFF825227EA12A>65 DI<0003FE0080001FFF818000FF01E38001F8003F8003E0001F8007C0000F800F8000
07801F800007803F000003803F000003807F000001807E000001807E00000180FE00000000FE00
000000FE00000000FE00000000FE00000000FE00000000FE00000000FE000000007E000000007E
000001807F000001803F000001803F000003801F800003000F8000030007C000060003F0000C00
01F800380000FF00F000001FFFC0000003FE000021227DA128>I76 DI80 D<01FC0407FF8C1F03FC3C007C7C003C78001C7800
1CF8000CF8000CFC000CFC0000FF0000FFE0007FFF007FFFC03FFFF01FFFF80FFFFC03FFFE003F
FE0003FF00007F00003F00003FC0001FC0001FC0001FE0001EE0001EF0003CFC003CFF00F8C7FF
E080FF8018227DA11F>83 D<7FFFFFFF807FFFFFFF807E03F80F807803F807807003F803806003
F80180E003F801C0E003F801C0C003F800C0C003F800C0C003F800C0C003F800C00003F8000000
03F800000003F800000003F800000003F800000003F800000003F800000003F800000003F80000
0003F800000003F800000003F800000003F800000003F800000003F800000003F800000003F800
000003F800000003F800000003F8000003FFFFF80003FFFFF80022227EA127>I<07FC001FFF80
3F07C03F03E03F01E03F01F01E01F00001F00001F0003FF003FDF01FC1F03F01F07E01F0FC01F0
FC01F0FC01F0FC01F07E02F07E0CF81FF87F07E03F18167E951B>97 DI<00FF8007FFE00F83F01F03F03E03F07E03F07C
01E07C0000FC0000FC0000FC0000FC0000FC0000FC00007C00007E00007E00003E00301F00600F
C0E007FF8000FE0014167E9519>I<0001FE000001FE0000003E0000003E0000003E0000003E00
00003E0000003E0000003E0000003E0000003E0000003E0000003E0001FC3E0007FFBE000F81FE
001F007E003E003E007E003E007C003E00FC003E00FC003E00FC003E00FC003E00FC003E00FC00
3E00FC003E00FC003E007C003E007C003E003E007E001E00FE000F83BE0007FF3FC001FC3FC01A
237EA21F>I<00FE0007FF800F87C01E01E03E01F07C00F07C00F8FC00F8FC00F8FFFFF8FFFFF8
FC0000FC0000FC00007C00007C00007E00003E00181F00300FC07003FFC000FF0015167E951A>
I<03FC1E0FFF7F1F0F8F3E07CF3C03C07C03E07C03E07C03E07C03E07C03E03C03C03E07C01F0F
801FFF0013FC003000003000003800003FFF801FFFF00FFFF81FFFFC3800FC70003EF0001EF000
1EF0001EF0001E78003C7C007C3F01F80FFFE001FF0018217E951C>103
D<1C003E007F007F007F003E001C000000000000000000000000000000FF00FF001F001F001F00
1F001F001F001F001F001F001F001F001F001F001F001F001F001F001F00FFE0FFE00B247EA310
>105 D108 D110 D<00FE0007FFC00F83E01E00F03E00F8
7C007C7C007C7C007CFC007EFC007EFC007EFC007EFC007EFC007EFC007E7C007C7C007C3E00F8
1F01F00F83E007FFC000FE0017167E951C>II114
D<0FF3003FFF00781F00600700E00300E00300F00300FC00007FE0007FF8003FFE000FFF0001FF
00000F80C00780C00380E00380E00380F00700FC0E00EFFC00C7F00011167E9516>I<01800001
80000180000180000380000380000780000780000F80003F8000FFFF00FFFF000F80000F80000F
80000F80000F80000F80000F80000F80000F80000F80000F80000F81800F81800F81800F81800F
81800F830007C30003FE0000F80011207F9F16>II
E /Fc 49 125 df<007000F001E003C007800F001E001C00380038007000700070007000E000E0
00E000E000E000E000E000E0007000700070007000380038001C001E000F00078003C001F000F0
00700C24799F18>40 D<6000F00078003C001E000F000780038001C001C000E000E000E000E000
70007000700070007000700070007000E000E000E000E001C001C0038007800F001E003C007800
F00060000C247C9F18>I<01C00001C00001C00001C000C1C180F1C780F9CF807FFF001FFC0007
F00007F0001FFC007FFF00F9CF80F1C780C1C18001C00001C00001C00001C00011147D9718>I<
7FFF00FFFF80FFFF807FFF0011047D8F18>45 D<3078FCFC78300606778518>I<000300000780
000780000F80000F00001F00001E00001E00003E00003C00007C0000780000780000F80000F000
01F00001E00003E00003C00003C00007C0000780000F80000F00000F00001F00001E00003E0000
3C00003C00007C0000780000F80000F00000F0000060000011247D9F18>I<01F00007FC000FFE
001F1F001C07003803807803C07001C07001C0E000E0E000E0E000E0E000E0E000E0E000E0E000
E0E000E0E000E0F001E07001C07001C07803C03803801C07001F1F000FFE0007FC0001F000131C
7E9B18>I<01800380038007800F803F80FF80FB80438003800380038003800380038003800380
038003800380038003800380038003807FFCFFFE7FFC0F1C7B9B18>I<03F0000FFE003FFF007C
0F807003C0E001C0F000E0F000E06000E00000E00000E00001C00001C00003C0000780000F0000
1E00003C0000780000F00001E00007C0000F80001E00E03C00E07FFFE0FFFFE07FFFE0131C7E9B
18>I<1FFF803FFF803FFF803800003800003800003800003800003800003800003800003BF800
3FFE003FFF003C07801803C00001C00000E00000E06000E0F000E0F000E0E001C07003C07C0F80
3FFF001FFC0003F000131C7E9B18>53 D<007E0001FF0007FF800F83C01E03C01C03C038018038
0000700000700000E1F800E7FE00FFFF00FE0780F803C0F001C0F000E0E000E0F000E07000E070
00E07000E03801C03C03C01E07800FFF0007FE0001F800131C7E9B18>I<03F0000FFC001FFE00
3C0F00780780700380E001C0E001C0E001C0E001E0E001E07001E07803E03C0FE01FFFE00FFEE0
03F0E00000E00001C00001C00001C0300380780780780F00783E003FFC001FF00007C000131C7E
9B18>57 D<00700000F80000F80000D80000D80001DC0001DC0001DC00018C00038E00038E0003
8E00038E000306000707000707000707000707000FFF800FFF800FFF800E03800E03801C01C01C
01C07F07F0FF8FF87F07F0151C7F9B18>65 D70
D77 D<7E07F0FF0FF87F07F01D81C01D81C01D81C01DC1C01CC1C0
1CC1C01CE1C01CE1C01CE1C01C61C01C71C01C71C01C31C01C39C01C39C01C39C01C19C01C19C0
1C1DC01C0DC01C0DC01C0DC07F07C0FF87C07F03C0151C7F9B18>I80 D<7FF800FFFE007FFF001C0F801C03801C03C01C01C01C01C01C01C01C03C01C03801C0F80
1FFF001FFE001FFE001C0F001C07001C03801C03801C03801C03801C03801C039C1C039C1C039C
7F01F8FF81F87F00F0161C7F9B18>82 D<03F3801FFF803FFF807C0F80700780E00380E00380E0
0380E000007000007800003F00001FF00007FE0000FF00000F800003C00001C00000E00000E060
00E0E000E0E001E0F001C0F80780FFFF80FFFE00E7F800131C7E9B18>I<7FFFF8FFFFF8FFFFF8
E07038E07038E07038E07038007000007000007000007000007000007000007000007000007000
00700000700000700000700000700000700000700000700000700007FF0007FF0007FF00151C7F
9B18>I86 D<7F8FE07F9FE07F8FE00E07000F0700070E00078E00
039C0003DC0001F80001F80000F00000F00000700000F00000F80001F80001DC00039E00038E00
070F000707000E07800E03801E03C07F07F0FF8FF87F07F0151C7F9B18>88
DI<018007C01FF07EFCF83EE00E0F067C9B18>94
D<1FE0003FF8007FFC00781E00300E0000070000070000FF0007FF001FFF007F0700780700E007
00E00700E00700F00F00781F003FFFF01FFBF007E1F014147D9318>97 D<7E0000FE00007E0000
0E00000E00000E00000E00000E00000E3E000EFF800FFFC00FC1E00F80E00F00700E00700E0038
0E00380E00380E00380E00380E00380F00700F00700F80E00FC1E00FFFC00EFF80063E00151C80
9B18>I<01FE0007FF001FFF803E0780380300700000700000E00000E00000E00000E00000E000
00E000007000007001C03801C03E03C01FFF8007FF0001FC0012147D9318>I<001F80003F8000
1F8000038000038000038000038000038003E3800FFB801FFF803C1F80380F80700780700380E0
0380E00380E00380E00380E00380E00380700780700780380F803C1F801FFFF00FFBF803E3F015
1C7E9B18>I<01F00007FC001FFE003E0F00380780700380700380E001C0E001C0FFFFC0FFFFC0
FFFFC0E000007000007001C03801C03E03C01FFF8007FF0001FC0012147D9318>I<001F80007F
C000FFE000E1E001C0C001C00001C00001C0007FFFC0FFFFC0FFFFC001C00001C00001C00001C0
0001C00001C00001C00001C00001C00001C00001C00001C00001C00001C0007FFF007FFF007FFF
00131C7F9B18>I<01E1F007FFF80FFFF81E1E301C0E003807003807003807003807003807001C
0E001E1E001FFC001FF80039E0003800001C00001FFE001FFFC03FFFE07801F0700070E00038E0
0038E00038E000387800F07E03F01FFFC00FFF8001FC00151F7F9318>I<7E0000FE00007E0000
0E00000E00000E00000E00000E00000E3E000EFF800FFFC00FC1C00F80E00F00E00E00E00E00E0
0E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E07FC3FCFFE7FE7FC3FC171C80
9B18>I<03800007C00007C00007C0000380000000000000000000000000007FC000FFC0007FC0
0001C00001C00001C00001C00001C00001C00001C00001C00001C00001C00001C00001C00001C0
0001C000FFFF00FFFF80FFFF00111D7C9C18>I<0038007C007C007C003800000000000000000F
FC1FFC0FFC001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C
001C001C001C001C001C6038F078FFF07FE03F800E277E9C18>I
I<7FE000FFE0007FE00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E0
0000E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E0007FFF
C0FFFFE07FFFC0131C7E9B18>I<7CE0E000FFFBF8007FFFF8001F1F1C001E1E1C001E1E1C001C
1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C00
1C1C1C007F1F1F00FFBFBF807F1F1F001914819318>I<7E3E00FEFF807FFFC00FC1C00F80E00F
00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E07FC3FCFF
E7FE7FC3FC1714809318>I<01F0000FFE001FFF003E0F803803807001C07001C0E000E0E000E0
E000E0E000E0E000E0F001E07001C07803C03C07803E0F801FFF000FFE0001F00013147E9318>
I<7E3E00FEFF807FFFC00FC1E00F80E00F00700E00700E00380E00380E00380E00380E00380E00
380F00700F00700F80E00FC1E00FFFC00EFF800E3E000E00000E00000E00000E00000E00000E00
000E00007FC000FFE0007FC000151E809318>I<7F87E0FF9FF07FBFF803F87803F03003E00003
C00003C0000380000380000380000380000380000380000380000380000380007FFE00FFFF007F
FE0015147F9318>114 D<07F7003FFF007FFF00780F00E00700E00700E007007C00007FE0001F
FC0003FE00001F00600780E00380E00380F00380F80F00FFFF00FFFC00E7F00011147D9318>I<
0180000380000380000380000380007FFFC0FFFFC0FFFFC0038000038000038000038000038000
0380000380000380000380000380400380E00380E00380E001C1C001FFC000FF80003E0013197F
9818>I<7E07E0FE0FE07E07E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00
E00E00E00E00E00E00E00E01E00F03E007FFFC03FFFE01FCFC1714809318>I<7F8FF0FF8FF87F
8FF01E03C00E03800E03800E0380070700070700070700038E00038E00038E00038E0001DC0001
DC0001DC0000F80000F80000700015147F9318>II<7F8FF07F9FF07F8FF0070700078E00039E0001DC0001F80000F8000070
0000F00000F80001DC00039E00038E000707000F07807F8FF0FF8FF87F8FF015147F9318>I<7F
8FF0FF8FF87F8FF00E01C00E03800E0380070380070700070700038700038600038E0001CE0001
CE0000CC0000CC0000DC0000780000780000780000700000700000700000F00000E00079E0007B
C0007F80003F00001E0000151E7F9318>I<60F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0
F0F0F0F0F0F0F0F0F0F0F0F0F0F0600424769F18>124 D E /Fd 39 122
df<60C0F1E0F9F068D0081008100810102010202040C1800C0B7F9913>34
D<60F0F07010101020204080040B7D830B>44 D<60F0F06004047D830B>46
D<0004000C00180018001800300030003000600060006000C000C000C001800180018003000300
03000600060006000C000C000C00180018001800300030003000600060006000C000C0000E257E
9B13>I<000C0000000C0000000C0000001E0000001E0000003F00000027000000270000004380
0000438000004380000081C0000081C0000081C0000100E0000100E00001FFE000020070000200
700006007800040038000400380008001C0008001C001C001E00FF00FFC01A1A7F991D>65
DI<003F0201C0C603002E0E001E1C000E1C0006380006780002700002700002F0
0000F00000F00000F00000F00000F000007000027000027800023800041C00041C00080E000803
003001C0C0003F00171A7E991C>I<003F020001C0C60003002E000E001E001C000E001C000600
38000600780002007000020070000200F0000000F0000000F0000000F0000000F0000000F001FF
C070000E0070000E0078000E0038000E001C000E001C000E000E000E000300160001C06600003F
82001A1A7E991E>71 D73
D77
D80 D82 D<0FC21836200E6006C006C002C002C002E00070007E003FE01FF807FC003E000E000700
03800380038003C002C006E004D81887E0101A7E9915>I<7FFFFF00701C0700401C0100401C01
00C01C0180801C0080801C0080801C0080001C0000001C0000001C0000001C0000001C0000001C
0000001C0000001C0000001C0000001C0000001C0000001C0000001C0000001C0000001C000000
1C0000001C000003FFE000191A7F991C>I86 DI<183020404080
4080810081008100B160F9F078F030600C0B7B9913>92 D<3F8070C070E020700070007007F01C
7030707070E070E071E071E0F171FB1E3C10107E8F13>97 DI<07F80C1C381C30
087000E000E000E000E000E000E0007000300438080C1807E00E107F8F11>I<007E00000E0000
0E00000E00000E00000E00000E00000E00000E00000E0003CE000C3E00380E00300E00700E00E0
0E00E00E00E00E00E00E00E00E00E00E00600E00700E00381E001C2E0007CFC0121A7F9915>I<
07C01C3030187018600CE00CFFFCE000E000E000E0006000300438080C1807E00E107F8F11>I<
01F0031807380E100E000E000E000E000E000E00FFC00E000E000E000E000E000E000E000E000E
000E000E000E000E000E007FE00D1A80990C>I<0FCE187330307038703870387038303018602F
C02000600070003FF03FFC1FFE600FC003C003C003C0036006381C07E010187F8F13>II<18003C003C001800000000000000000000000000FC001C001C001C001C001C001C001C
001C001C001C001C001C001C001C00FF80091A80990A>I107
DIII<07E01C38300C700E60
06E007E007E007E007E007E0076006700E381C1C3807E010107F8F13>II114 D<1F2060E04020C020C0
20F0007F003FC01FE000F080708030C030C020F0408F800C107F8F0F>I<0400040004000C000C
001C003C00FFC01C001C001C001C001C001C001C001C001C201C201C201C201C200E4003800B17
7F960F>IIII121 D
E /Fe 4 53 df<0C003C00CC000C000C000C000C000C000C000C000C000C000C000C000C00FF80
09107E8F0F>49 D<1F00618040C08060C0600060006000C00180030006000C00102020207FC0FF
C00B107F8F0F>I<1F00218060C060C000C0008001800F00008000400060C060C060804060801F
000B107F8F0F>I<0300030007000F000B001300330023004300C300FFE003000300030003001F
E00B107F8F0F>I E /Ff 4 53 df<03000700FF00070007000700070007000700070007000700
070007000700070007000700070007007FF00C157E9412>49 D<0F8030E040708030C038E03840
38003800700070006000C00180030006000C08080810183FF07FF0FFF00D157E9412>I<0FE030
306018701C701C001C00180038006007E000300018000C000E000EE00EE00EC00C401830300FE0
0F157F9412>I<00300030007000F001F001700270047008701870107020704070C070FFFE0070
007000700070007003FE0F157F9412>I E /Fg 60 125 df<00003FE00000E010000180380003
80780003007800070030000700000007000000070000000E0000000E0000000E000000FFFFE000
0E00E0001C01C0001C01C0001C01C0001C01C0001C038000380380003803800038038000380700
00380700007007000070071000700E2000700E2000700E2000E00E2000E0064000E0038000E000
0000C0000001C0000001C000003180000079800000F3000000620000003C0000001D29829F1A>
12 D<000F00000030800C0060401E00C0203C01C0201C0180E0040381E0080303C00807018010
0700002007000040060001800678028007C40C4007041020060420200F0440101D0840103CF058
1038007C10780078107800301078000010F0000020F0000020F0000040F0000040700000807000
010038000300180004000E0018000780E00000FF00001F227BA023>38 D<0E1F3F3F1D01020204
04081020C0080E779F0E>I<000100020004000800100020006000C0018001800300070006000E
000C001C0018003800380030007000700060006000E000E000C000C000C000C000C000C000C000
C000C000C000C000C000C0004000600060002000100010000800102E79A113>I<001000000800
000400000600000200000300000300000300000100000180000180000180000180000180000180
000180000380000380000380000300000300000300000700000700000600000600000E00000C00
000C00001C0000180000380000300000700000600000E00000C000018000010000030000060000
0C0000180000300000600000800000112E80A113>I<1C3C3C3C3C040408081020204080060E7D
840E>44 D<7FF0FFE07FE00C037D8A10>I<70F8F8F0E005057B840E>I<000F800030E000E07001
C0700380300380380700380F00780F00780E00781E00781E00703C00F03C00F03C00F03C00F078
01E07801E07801E07801C07003C0F003C0F00380F00780F00700700700700E00701C0030380018
70000FC000151F7C9D17>48 D<000200020006000E003C00DC031C001C00380038003800380070
00700070007000E000E000E000E001C001C001C001C003800380038003800780FFF80F1E7B9D17
>I<001F0000718000C0C00180C00380E00700E00F00E00F01E01E01E01E01E01E01E01E01C01C
03C01C03C01C03C01C07C01C0F800C0F8006378003C700000F00000E00000E00001C00601C00F0
3800F07000E0600080C0004380003E0000131F7B9D17>57 D<070F1F1F0E000000000000000000
0070F8F8F0E008147B930E>I<00000200000006000000060000000E0000001E0000001E000000
3F0000002F0000004F0000004F0000008F0000010F0000010F0000020F0000020F0000040F0000
0C0F0000080F0000100F0000100F0000200F80003FFF800040078000C007800080078001000780
010007800200078002000780060007801E000F80FF807FF81D207E9F22>65
D<01FFFFC0001E00F0001E0078001E0038001E003C003C003C003C003C003C003C003C003C0078
007800780078007800F0007801E000F0078000FFFE0000F00F8000F003C001E001C001E001E001
E001E001E001E003C001E003C001E003C001E003C001C0078003C00780078007800F0007801E00
0F007800FFFFE0001E1F7D9E20>I<0000FE0200078186001C004C0038003C0060003C00C0001C
01C0001803800018070000180F0000181E0000101E0000103C0000003C00000078000000780000
007800000078000000F0000000F0000000F0000000F0000000F000008070000080700000807000
01003800010038000200180004000C001800060020000381C00000FE00001F217A9F21>I<01FF
FF80001E00E0001E0070001E0038001E001C003C001C003C000E003C000E003C000E0078000E00
78000E0078000E0078000E00F0001E00F0001E00F0001E00F0001E01E0003C01E0003C01E0003C
01E0007803C0007003C0007003C000E003C001C0078001C00780038007800E0007801C000F0070
00FFFFC0001F1F7D9E22>I<01FFFFFE001E001C001E000C001E0004001E0004003C0004003C00
04003C0004003C00040078080800780800007808000078180000F0300000FFF00000F0300000F0
300001E0200001E0200001E0200001E0001003C0002003C0002003C0004003C000400780008007
80018007800100078007000F001F00FFFFFE001F1F7D9E1F>I<01FFFFFC001E0038001E001800
1E0008001E0008003C0008003C0008003C0008003C000800780010007808000078080000780800
00F0100000F0300000FFF00000F0300001E0200001E0200001E0200001E0200003C0000003C000
0003C0000003C00000078000000780000007800000078000000F800000FFF800001E1F7D9E1E>
I<0000FC040007030C001C00980030007800E0007801C000380380003003800030070000300E00
00301E0000201E0000203C0000003C00000078000000780000007800000078000000F0000000F0
00FFF0F0000780F0000780F0000F0070000F0070000F0070000F0070001E0038001E0018003E00
1C002E000E00CC000383040000FC00001E217A9F23>I<01FFF3FFE0001F003E00001E003C0000
1E003C00001E003C00003C007800003C007800003C007800003C007800007800F000007800F000
007800F000007800F00000F001E00000FFFFE00000F001E00000F001E00001E003C00001E003C0
0001E003C00001E003C00003C007800003C007800003C007800003C007800007800F000007800F
000007800F000007800F00000F801F0000FFF1FFE000231F7D9E22>I<01FFF0001F00001E0000
1E00001E00003C00003C00003C00003C0000780000780000780000780000F00000F00000F00000
F00001E00001E00001E00001E00003C00003C00003C00003C0000780000780000780000780000F
8000FFF800141F7D9E12>I<001FFF0000F80000F00000F00000F00001E00001E00001E00001E0
0003C00003C00003C00003C0000780000780000780000780000F00000F00000F00000F00001E00
001E00301E00781E00F83C00F83C00F0780080700040E00021C0001F000018207D9E18>I<01FF
F03FE0001F000F80001E000E00001E000800001E001000003C002000003C004000003C01000000
3C020000007804000000780800000078100000007830000000F0F0000000F1F8000000F2780000
00F478000001E83C000001F03C000001E03C000001E01E000003C01E000003C01E000003C00F00
0003C00F000007800F00000780078000078007800007800780000F8007C000FFF03FF800231F7D
9E23>I<01FFF800001F0000001E0000001E0000001E0000003C0000003C0000003C0000003C00
000078000000780000007800000078000000F0000000F0000000F0000000F0000001E0000001E0
000001E0000001E0008003C0010003C0010003C0030003C00200078006000780060007800C0007
801C000F007800FFFFF800191F7D9E1D>I<01FE00007FC0001E0000FC00001E0000F800001700
01780000170001780000270002F00000270004F00000270004F00000270008F00000470009E000
00470011E00000470021E00000470021E00000870043C00000838043C00000838083C000008380
83C0000103810780000103820780000103820780000103840780000203840F00000203880F0000
0203900F00000203900F00000401E01E00000401E01E00000401C01E00000C01801E00001C0180
3E0000FF8103FFC0002A1F7D9E29>I<01FF007FE0001F000F00001F0004000017800400001780
040000278008000023C008000023C008000023C008000041E010000041E010000041F010000040
F010000080F0200000807820000080782000008078200001003C400001003C400001003C400001
001E400002001E800002001E800002000F800002000F800004000F000004000700000400070000
0C000700001C00020000FF80020000231F7D9E22>I<0001FC0000070700001C01C0003000E000
E0006001C000700380007007800038070000380E0000381E0000381C0000383C0000383C000038
78000078780000787800007878000078F00000F0F00000F0F00000E0F00001E0F00001C0F00003
C0700003807000070078000F0038001E0038003C001C0070000E00E0000783800001FC00001D21
7A9F23>I<01FFFF80001E00E0001E0070001E0038001E003C003C003C003C003C003C003C003C
003C0078007800780078007800F0007800E000F003C000F00F0000FFFC0000F0000001E0000001
E0000001E0000001E0000003C0000003C0000003C0000003C00000078000000780000007800000
078000000F800000FFF000001E1F7D9E1F>I<01FFFF00001E03C0001E00E0001E0070001E0078
003C0078003C0078003C0078003C0078007800F0007800F0007801E0007801C000F0070000F01E
0000FFF00000F0380001E01C0001E01E0001E00E0001E00F0003C01E0003C01E0003C01E0003C0
1E0007803C0007803C0807803C0807803C100F801C10FFF00C20000007C01D207D9E21>82
D<0007E040001C18C0003005800060038000C0038001C001800180010003800100038001000380
01000380000003C0000003C0000003F8000001FF800001FFE000007FF000001FF0000001F80000
00780000007800000038000000380020003800200038002000300060007000600060006000E000
7000C000E8038000C606000081F800001A217D9F1A>I<0FFFFFF01E0780E01807802010078020
20078020200F0020600F0020400F0020400F0020801E0040001E0000001E0000001E0000003C00
00003C0000003C0000003C00000078000000780000007800000078000000F0000000F0000000F0
000000F0000001E0000001E0000001E0000001E0000003E00000FFFF00001C1F789E21>I<7FFC
1FF807C003C00780010007800100078001000F0002000F0002000F0002000F0002001E0004001E
0004001E0004001E0004003C0008003C0008003C0008003C000800780010007800100078001000
78001000F0002000F0002000F0002000F0004000F0004000700080007001000030020000380400
000C18000007E000001D20779E22>I87 D<00FFF07FE0000F801F00000F001C00000F80
1000000780300000078020000007C040000003C080000003C100000003E200000001E400000001
EC00000001F800000000F000000000F800000000F800000000F8000000017C000000023C000000
063C000000043E000000081E000000101E000000201F000000400F000000800F000001800F8000
010007800007000780001F000FC000FFC07FF800231F7E9E22>I<00F1800389C00707800E0380
1C03803C0380380700780700780700780700F00E00F00E00F00E00F00E20F01C40F01C40703C40
705C40308C800F070013147C9317>97 D<07803F8007000700070007000E000E000E000E001C00
1C001CF01D0C3A0E3C0E380F380F700F700F700F700FE01EE01EE01EE01CE03CE038607060E031
C01F0010207B9F15>I<007E0001C1000300800E07801E07801C07003C02007800007800007800
00F00000F00000F00000F00000F0000070010070020030040018380007C00011147C9315>I<00
00780003F80000700000700000700000700000E00000E00000E00000E00001C00001C000F1C003
89C00707800E03801C03803C0380380700780700780700780700F00E00F00E00F00E00F00E20F0
1C40F01C40703C40705C40308C800F070015207C9F17>I<007C01C207010E011C013C01380278
0C7BF07C00F000F000F000F0007000700170023804183807C010147C9315>I<00007800019C00
033C00033C000718000700000700000E00000E00000E00000E00000E0001FFE0001C00001C0000
1C00001C0000380000380000380000380000380000700000700000700000700000700000700000
E00000E00000E00000E00000C00001C00001C0000180003180007B0000F300006600003C000016
29829F0E>I<003C6000E27001C1E00380E00700E00F00E00E01C01E01C01E01C01E01C03C0380
3C03803C03803C03803C07003C07001C0F001C17000C2E0003CE00000E00000E00001C00001C00
301C00783800F0700060E0003F8000141D7E9315>I<01E0000FE00001C00001C00001C00001C0
00038000038000038000038000070000070000071E000763000E81800F01C00E01C00E01C01C03
801C03801C03801C0380380700380700380700380E10700E20700C20701C20700C40E00CC06007
0014207D9F17>I<00C001E001E001C000000000000000000000000000000E0033002300438043
00470087000E000E000E001C001C001C003840388030807080310033001C000B1F7C9E0E>I<01
E0000FE00001C00001C00001C00001C0000380000380000380000380000700000700000703C007
04200E08E00E11E00E21E00E40C01C80001D00001E00001FC00038E00038700038700038384070
7080707080707080703100E03100601E0013207D9F15>107 D<03C01FC0038003800380038007
000700070007000E000E000E000E001C001C001C001C0038003800380038007000700070007100
E200E200E200E200640038000A207C9F0C>I<1C0F80F0002630C318004740640C004780680E00
4700700E004700700E008E00E01C000E00E01C000E00E01C000E00E01C001C01C038001C01C038
001C01C038001C01C0708038038071003803806100380380E10038038062007007006600300300
380021147C9325>I<1C0F802630C04740604780604700704700708E00E00E00E00E00E00E00E0
1C01C01C01C01C01C01C03843803883803083807083803107003303001C016147C931A>I<007C
0001C3000301800E01C01E01C01C01E03C01E07801E07801E07801E0F003C0F003C0F003C0F007
80F00700700F00700E0030180018700007C00013147C9317>I<01C1E002621804741C04781C04
701E04701E08E01E00E01E00E01E00E01E01C03C01C03C01C03C01C0380380780380700380E003
C1C0072380071E000700000700000E00000E00000E00000E00001C00001C0000FFC000171D8093
17>I<00F0400388C00705800E03801C03803C0380380700780700780700780700F00E00F00E00
F00E00F00E00F01C00F01C00703C00705C0030B8000F3800003800003800007000007000007000
00700000E00000E0000FFE00121D7C9315>I<1C1E002661004783804787804707804703008E00
000E00000E00000E00001C00001C00001C00001C00003800003800003800003800007000003000
0011147C9313>I<00FC030206010C030C070C060C000F800FF007F803FC003E000E700EF00CF0
0CE008401020601F8010147D9313>I<018001C0038003800380038007000700FFF007000E000E
000E000E001C001C001C001C003800380038003820704070407080708031001E000C1C7C9B0F>
I<0E00C03300E02301C04381C04301C04701C08703800E03800E03800E03801C07001C07001C07
001C07101C0E20180E20180E201C1E200C264007C38014147C9318>I<0E03803307802307C043
83C04301C04700C08700800E00800E00800E00801C01001C01001C01001C02001C02001C04001C
04001C08000E300003C00012147C9315>I<0E00C1C03300E3C02301C3E04381C1E04301C0E047
01C060870380400E0380400E0380400E0380401C0700801C0700801C0700801C0701001C070100
1C0602001C0F02000C0F04000E13080003E1F0001B147C931E>I<0383800CC4401068E01071E0
2071E02070C040E00000E00000E00000E00001C00001C00001C00001C040638080F38080F38100
E5810084C60078780013147D9315>I<0E00C03300E02301C04381C04301C04701C08703800E03
800E03800E03801C07001C07001C07001C07001C0E00180E00180E001C1E000C3C0007DC00001C
00001C00003800F03800F07000E06000C0C0004380003E0000131D7C9316>I<01C04003E08007
F1800C1F0008020000040000080000100000200000400000800001000002000004010008020010
02003E0C0063FC0041F80080E00012147D9313>I124
D E /Fh 80 125 df<001F83E000F06E3001C078780380F8780300F03007007000070070000700
700007007000070070000700700007007000FFFFFF800700700007007000070070000700700007
007000070070000700700007007000070070000700700007007000070070000700700007007000
070070000700700007007000070070007FE3FF001D20809F1B>11 D<003F0000E0C001C0C00381
E00701E00701E0070000070000070000070000070000070000FFFFE00700E00700E00700E00700
E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700
E00700E07FC3FE1720809F19>I<003FE000E0E001C1E00381E00700E00700E00700E00700E007
00E00700E00700E00700E0FFFFE00700E00700E00700E00700E00700E00700E00700E00700E007
00E00700E00700E00700E00700E00700E00700E00700E00700E00700E07FE7FE1720809F19>I<
001F81F80000F04F040001C07C06000380F80F000300F00F000700F00F00070070000007007000
000700700000070070000007007000000700700000FFFFFFFF0007007007000700700700070070
070007007007000700700700070070070007007007000700700700070070070007007007000700
70070007007007000700700700070070070007007007000700700700070070070007007007007F
E3FE3FF02420809F26>I<7038F87CFC7EFC7E743A040204020402080408041008100820104020
0F0E7E9F17>34 D<00780000008400000184000003020000070200000702000007020000070200
00070400000704000007080000070800000310000003A00FFC03C003E0038001C001C0008001C0
010003E0010004E0020008F00200187004003078080070380800701C1000F01E1000F00E2000F0
074000F003C0087003C0087801C010380670301C18386007E00F801E227EA023>38
D<70F8FCFC74040404080810102040060E7C9F0D>I<0020004000800100020006000C000C0018
0018003000300030007000600060006000E000E000E000E000E000E000E000E000E000E000E000
E0006000600060007000300030003000180018000C000C000600020001000080004000200B2E7D
A112>I<800040002000100008000C00060006000300030001800180018001C000C000C000C000
E000E000E000E000E000E000E000E000E000E000E000E000C000C000C001C00180018001800300
0300060006000C00080010002000400080000B2E7DA112>I<70F8FCFC74040404080810102040
060E7C840D>44 DI<70F8F8F87005057C840D>I<000100030003000600
060006000C000C000C00180018001800300030003000600060006000C000C000C0018001800180
0300030003000600060006000C000C000C00180018001800300030003000600060006000C000C0
00C000102D7DA117>I<03F0000E1C001C0E00180600380700700380700380700380700380F003
C0F003C0F003C0F003C0F003C0F003C0F003C0F003C0F003C0F003C0F003C0F003C0F003C07003
807003807003807807803807001806001C0E000E1C0003F000121F7E9D17>I<018003800F80F3
800380038003800380038003800380038003800380038003800380038003800380038003800380
0380038003800380038007C0FFFE0F1E7C9D17>I<03F0000C1C00100E00200700400780800780
F007C0F803C0F803C0F803C02007C00007C0000780000780000F00000E00001C00003800007000
00600000C0000180000300000600400C00401800401000803FFF807FFF80FFFF80121E7E9D17>
I<03F0000C1C00100E00200F00780F80780780780780380F80000F80000F00000F00000E00001C
0000380003F000003C00000E00000F000007800007800007C02007C0F807C0F807C0F807C0F007
80400780400F00200E001C3C0003F000121F7E9D17>I<000600000600000E00000E00001E0000
2E00002E00004E00008E00008E00010E00020E00020E00040E00080E00080E00100E00200E0020
0E00400E00C00E00FFFFF0000E00000E00000E00000E00000E00000E00000E0000FFE0141E7F9D
17>I<1803001FFE001FFC001FF8001FE00010000010000010000010000010000010000011F000
161C00180E001007001007800003800003800003C00003C00003C07003C0F003C0F003C0E00380
400380400700200600100E000C380003E000121F7E9D17>I<007C000182000701000E03800C07
801C0780380300380000780000700000700000F1F000F21C00F40600F80700F80380F80380F003
C0F003C0F003C0F003C0F003C07003C07003C07003803803803807001807000C0E00061C0001F0
00121F7E9D17>I<4000007FFFC07FFF807FFF8040010080020080020080040000080000080000
100000200000200000400000400000C00000C00001C00001800003800003800003800003800007
8000078000078000078000078000078000078000030000121F7D9D17>I<03F0000C0C00100600
3003002001806001806001806001807001807803003E03003F06001FC8000FF00003F80007FC00
0C7E00103F00300F806003804001C0C001C0C000C0C000C0C000C0C00080600180200100100200
0C0C0003F000121F7E9D17>I<03F0000E18001C0C00380600380700700700700380F00380F003
80F003C0F003C0F003C0F003C0F003C07007C07007C03807C0180BC00E13C003E3C00003800003
80000380000700300700780600780E00700C002018001070000FC000121F7E9D17>I<70F8F8F8
700000000000000000000070F8F8F87005147C930D>I<70F8F8F8700000000000000000000070
F0F8F878080808101010202040051D7C930D>I<0FC0307040384038E03CF03CF03C603C003800
7000E000C001800180010003000200020002000200020002000000000000000000000007000F80
0F800F8007000E207D9F15>63 D<000100000003800000038000000380000007C0000007C00000
07C0000009E0000009E0000009E0000010F0000010F0000010F000002078000020780000207800
00403C0000403C0000403C0000801E0000801E0000FFFE0001000F0001000F0001000F00020007
800200078002000780040003C00E0003C01F0007E0FFC03FFE1F207F9F22>65
DI<000FC040007030C001C009C0038005C0070003C00E0001C0
1E0000C01C0000C03C0000C07C0000407C00004078000040F8000000F8000000F8000000F80000
00F8000000F8000000F8000000F8000000F8000000780000007C0000407C0000403C0000401C00
00401E0000800E000080070001000380020001C0040000703800000FC0001A217D9F21>III
I<000FE0200078186000E004E0038002E0070001E00F0000E01E0000601E0000603C0000603C00
00207C00002078000020F8000000F8000000F8000000F8000000F8000000F8000000F8000000F8
007FFCF80003E0780001E07C0001E03C0001E03C0001E01E0001E01E0001E00F0001E0070001E0
038002E000E0046000781820000FE0001E217D9F24>III<0FFFC0007C00003C00003C
00003C00003C00003C00003C00003C00003C00003C00003C00003C00003C00003C00003C00003C
00003C00003C00003C00003C00003C00003C00203C00F83C00F83C00F83C00F038004078004070
0030E0000F800012207E9E17>IIIII<001F800000F0F000
01C0380007801E000F000F000E0007001E0007803C0003C03C0003C07C0003E0780001E0780001
E0F80001F0F80001F0F80001F0F80001F0F80001F0F80001F0F80001F0F80001F0F80001F07800
01E07C0003E07C0003E03C0003C03C0003C01E0007800E0007000F000F0007801E0001C0380000
F0F000001F80001C217D9F23>II82 D<07E0800C1980100780300380600180600180E00180E00080E00080E00080F0
0000F000007800007F00003FF0001FFC000FFE0003FF00001F800007800003C00003C00001C080
01C08001C08001C08001C0C00180C00380E00300F00600CE0C0081F80012217D9F19>I<7FFFFF
E0780F01E0600F0060400F0020400F0020C00F0030800F0010800F0010800F0010800F0010000F
0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F000000
0F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000001F8000
07FFFE001C1F7E9E21>IIII89 D
91 D<080410082010201040204020804080408040B85CFC7EFC7E7C3E381C0F0E7B9F17>II<1FE000303000781800781C00300E00000E00000E00000E0000FE0007
8E001E0E00380E00780E00F00E10F00E10F00E10F01E10781E103867200F83C014147E9317>97
D<0E0000FE00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E3E
000EC3800F01C00F00E00E00E00E00700E00700E00780E00780E00780E00780E00780E00780E00
700E00700E00E00F00E00D01C00CC300083E0015207F9F19>I<03F80E0C1C1E381E380C700070
00F000F000F000F000F000F00070007000380138011C020E0C03F010147E9314>I<000380003F
8000038000038000038000038000038000038000038000038000038000038003E380061B801C07
80380380380380700380700380F00380F00380F00380F00380F00380F003807003807003803803
803807801C07800E1B8003E3F815207E9F19>I<03F0000E1C001C0E0038070038070070070070
0380F00380F00380FFFF80F00000F00000F000007000007000003800801800800C010007060001
F80011147F9314>I<007C00C6018F038F07060700070007000700070007000700FFF007000700
07000700070007000700070007000700070007000700070007000700070007007FF01020809F0E
>I<0000E003E3300E3C301C1C30380E00780F00780F00780F00780F00780F00380E001C1C001E
380033E0002000002000003000003000003FFE001FFF800FFFC03001E0600070C00030C00030C0
0030C000306000603000C01C038003FC00141F7F9417>I<0E0000FE00000E00000E00000E0000
0E00000E00000E00000E00000E00000E00000E00000E3E000E43000E81800F01C00F01C00E01C0
0E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C0
FFE7FC16207F9F19>I<1C003E003E003E001C000000000000000000000000000E007E000E000E
000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E00FFC00A1F809E0C>
I<00E001F001F001F000E0000000000000000000000000007007F000F000700070007000700070
00700070007000700070007000700070007000700070007000700070007000706070F060F0C061
803F000C28829E0E>I<0E0000FE00000E00000E00000E00000E00000E00000E00000E00000E00
000E00000E00000E0FF00E03C00E03000E02000E04000E08000E10000E30000E70000EF8000F38
000E1C000E1E000E0E000E07000E07800E03800E03C00E03E0FFCFF815207F9F18>I<0E00FE00
0E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E
000E000E000E000E000E000E000E000E000E00FFE00B20809F0C>I<0E1F01F000FE618618000E
81C81C000F00F00E000F00F00E000E00E00E000E00E00E000E00E00E000E00E00E000E00E00E00
0E00E00E000E00E00E000E00E00E000E00E00E000E00E00E000E00E00E000E00E00E000E00E00E
000E00E00E00FFE7FE7FE023147F9326>I<0E3E00FE43000E81800F01C00F01C00E01C00E01C0
0E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C0FFE7FC
16147F9319>I<01F800070E001C03803801C03801C07000E07000E0F000F0F000F0F000F0F000
F0F000F0F000F07000E07000E03801C03801C01C0380070E0001F80014147F9317>I<0E3E00FE
C3800F01C00F00E00E00E00E00F00E00700E00780E00780E00780E00780E00780E00780E00700E
00F00E00E00F01E00F01C00EC3000E3E000E00000E00000E00000E00000E00000E00000E00000E
0000FFE000151D7F9319>I<03E0800619801C05803C0780380380780380700380F00380F00380
F00380F00380F00380F003807003807803803803803807801C0B800E138003E380000380000380
000380000380000380000380000380000380003FF8151D7E9318>I<0E78FE8C0F1E0F1E0F0C0E
000E000E000E000E000E000E000E000E000E000E000E000E000E00FFE00F147F9312>I<1F9030
704030C010C010C010E00078007F803FE00FF00070803880188018C018C018E030D0608F800D14
7E9312>I<020002000200060006000E000E003E00FFF80E000E000E000E000E000E000E000E00
0E000E000E000E080E080E080E080E080610031001E00D1C7F9B12>I<0E01C0FE1FC00E01C00E
01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E
03C00603C0030DC001F1FC16147F9319>III<7FC3FC0F01E00701C007018003810001C20000E40000EC
00007800003800003C00007C00004E000087000107000303800201C00601E01E01E0FF07FE1714
809318>II<3FFF380E200E201C40384078407000E001E0
01C00380078007010E011E011C0338027006700EFFFE10147F9314>III E /Fi 40 122 df<0003E0001C1800381800703C00E03C00E03801
C00001C00001C00001C00001C0000380007FFFF00380700380700380700380700700E00700E007
00E00700E00700E00700E00E01C00E01C00E01C00E01C00E01C00E01C01C03801E03C0FF0FF816
207E9F19>12 D<038007C007C007C007C00780078007800700070007000F000E000E000E000E00
0C000C000C000C000800080008000000000000000000000030007800F800780070000A217CA00D
>33 D<381C7C3E7C3E7E3F3A1D040204020402080408041008201040208040100E7A9F17>I<38
7C7C7E3A040404080810204080070E789F0D>39 D<1C3E7E7E3A0202040408081020C0070E7D84
0D>44 DI<3078F8787005057C840D>I<07E01838201C401C701CF03CF0
3C603C0038007000E001C001800300020006000400040008000800080008000000000000000000
000030007800F800780070000E20799F15>63 D<00001000000018000000380000003800000078
00000078000000FC000001BC0000013C0000033C0000023C0000063C0000043E0000081E000008
1E0000101E0000101E0000201E0000200F0000400F0000400F0000FFFF0000800F0001000F8001
000780020007800200078004000780040007800C0007C03E0007C0FF807FFC1E207E9F22>65
D<07FFFF00007C01C0003C01E0003C00F0007800F8007800F8007800F8007800F8007800F80078
00F000F001F000F001E000F003C000F00F8000FFFE0000F00F0001E007C001E003C001E003E001
E001E001E001E001E001E003C001E003C003E003C003E003C003C003C007C003C00F8007800F00
07803E00FFFFF0001D1F7E9E20>I<07FFFF00007C01E0003C00F0003C00780078003C0078003C
0078001E0078001E0078001E0078001F00F0001F00F0001F00F0001F00F0001F00F0001F00F000
1F01E0001E01E0003E01E0003E01E0003E01E0003C01E0007C03C0007803C000F003C000F003C0
01E003C003C003C0078007800F0007803C00FFFFE000201F7E9E23>68 D<0001FC04000F030C00
3C009C0070007C00E0003C01C0003803800018078000180F0000181F0000181E0000183E000010
3C0000007C0000007C0000007C0000007C000000F8000000F8000000F8007FFCF80003E0780001
E0780001E0780003C0780003C03C0003C03C0003C01C0003C00E0007C007000B800380118001E0
6080003F80001E217B9F24>71 D<07FFE0007C00003C00003C0000780000780000780000780000
780000780000F00000F00000F00000F00000F00000F00001E00001E00001E00001E00001E00001
E00003C00003C00003C00003C00003C00003C00007800007C000FFFC00131F7F9E10>73
D<07FC01FFC0003E003E00003E001800003E001800004F001000004F0010000047801000004780
10000043C010000043C010000083C020000081E020000081E020000080F020000080F020000080
782000010078400001007C400001003C400001003C400001001E400001001E400002000F800002
000F800002000F800002000780000200078000060003800006000300000F00010000FFE0010000
221F7E9E22>78 D<0003F800001E0E000038070000F0038001E001C003C001E0078001E00F0000
F00F0000F01F0000F01E0000F83E0000F83C0000F87C0000F87C0000F87C0000F87C0000F8F800
01F0F80001F0F80001F0F80001F0F80003E0780003E0780003C0780007C0781E07803C210F003C
409E001E409C000E80F8000740F00003C1C04000FEC0400000E0400000E0800000E1800000FF80
0000FF000000FF0000007E0000003C001D297B9F23>81 D<003F040060CC01803C03801C03001C
0700180600080E00080E00080E00080E00000F00000F80000FE00007FE0003FF8001FFC0007FE0
0007E00001E00000E00000F00000F04000E04000E04000E04000E06000C0600180E00380F80300
C60C0081F80016217D9F19>83 D<3FFFFFF03C0780F03007803060078030400F0010400F0010C0
0F0010800F0010800F0010800F0010001E0000001E0000001E0000001E0000001E0000001E0000
003C0000003C0000003C0000003C0000003C0000003C0000007800000078000000780000007800
00007800000078000000F0000001F800007FFFE0001C1F7A9E21>I87
D<060308041008201020104020402080408040B85CF87CF87CF87C7038100E779F17>92
D<07F8000C0C001E06001E07001C070000070000070000070000FF0007C7001E07003C0E00780E
00F00E10F00E10F00E10F01E10F02E20784F401F878014147D9317>97 D<0700003F00000F0000
0700000700000E00000E00000E00000E00000E00000E00001C00001C7C001D87001E03801C01C0
1C01C03801C03801E03801E03801E03801E03801E07003C07003C0700380700780700700700E00
E81C00C4380083E00013207B9F19>I<01FC07060E0F1C0F380E78007000F000F000F000F000E0
00E000E000E000F0027004300818300FC010147C9314>I<0000700003F00000F0000070000070
0000E00000E00000E00000E00000E00000E00001C000F9C00305C00E03C01C03C03801C0780380
700380F00380F00380F00380F00380E00700E00700E00700E00700E00700700F00301E00186F00
0F8FE014207C9F19>I<00F800070E000E07001C0700380380780380700380F00380F00380FFFF
80F00000E00000E00000E00000E00000F001007002003004001C180007E00011147D9314>I<00
07800018C00031E00061E000E1C000C00001C00001C00001C00001C00001C0000380007FF80003
80000380000380000380000700000700000700000700000700000700000E00000E00000E00000E
00000E00000E00001C00001E0000FFE00013207E9F0E>I<00000E003E1100E1A301C1C20381E0
0780E00701E00F01E00F01E00F01E00703C007038007870004FC000800000800001800001C0000
0FFF000FFFC007FFE01800F0300030600030C00030C00030C000306000603000C01C070007FC00
181F809417>I<00E00007E00001E00000E00000E00001C00001C00001C00001C00001C00001C0
00038000038F800390E003A0E003C0600380600780E00700E00700E00700E00700E00700E00E01
C00E01C00E01C00E01C00E01C00E01C01C03801E03C0FFCFF815207E9F19>I<01C003E003E003
C0018000000000000000000000000003801F800780038003800700070007000700070007000E00
0E000E000E000E000E001C001E00FF800B1F7F9E0C>I<00E00007E00001E00000E00000E00001
C00001C00001C00001C00001C00001C0000380000383FC0380F00380C003818003810007040007
0800071800073800077C00071C000E1C000E0E000E0E000E0F000E07000E07801C03801E07C0FF
8FF016207E9F18>107 D<00E007E001E000E000E001C001C001C001C001C001C0038003800380
0380038003800700070007000700070007000E000E000E000E000E000E001C001E00FFC00B207F
9F0C>I<0387C07C001F9861860007A072070003C0340300038038030007807807000700700700
07007007000700700700070070070007007007000E00E00E000E00E00E000E00E00E000E00E00E
000E00E00E000E00E00E001C01C01C001E01E01E00FFCFFCFFC022147E9326>I<038F801F90E0
07A0E003C0600380600780E00700E00700E00700E00700E00700E00E01C00E01C00E01C00E01C0
0E01C00E01C01C03801E03C0FFCFF815147E9319>I<00FC000387000E01801C00C03800E03800
E07000F0F000F0F000F0F000F0F000F0E001E0E001E0E001C0E003C0F00380700700380E001C1C
0007E00014147D9317>I<038E001FB38007C78003C78003830007800007000007000007000007
00000700000E00000E00000E00000E00000E00000E00001C00001E0000FFE00011147E9312>
114 D<01F2060E080618061802380438001E001FE00FF003F8003C401C400C400C600C6018E010
D0608FC00F147E9312>I<0080010001000100030007000F001E00FFF80E000E000E000E001C00
1C001C001C001C001C00380038203820382038203840384018800F000D1C7C9B12>I<1C0380FC
1F803C07801C03801C0380380700380700380700380700380700380700700E00700E00700E0070
0E00701E00701E00703C00305E001F9FC012147B9319>III<0FF83F8001E00E0001C00C0001C0080000
E0180000E0100000E0200000E0200000F040000070400000708000007080000071000000390000
003A0000003E0000003C0000003800000018000000100000001000000020000000200000004000
0070C00000F0800000F1000000E20000007C000000191D809318>121 D
E /Fj 71 126 df<03800007E0000FE0001E70001C70001C70001C70001C77E01CE7E01DE7E00F
C7000F8E000F0E001E0E003F1C007F1C00739C00E3F800E1F800E0F1C0E0F1C071F9C07FFFC03F
9F801E070013197F9816>38 D<00E001E0038007000E001C001C0038003800700070007000E000
E000E000E000E000E000E000E000E000700070007000380038001C001C000E000700038001E000
E00B217A9C16>40 DI<01C00001C00001C00001C00071C700F9CF807FFF001FFC0007F00007F0001FFC007FFF
00F9CF8071C70001C00001C00001C00001C00011127E9516>I<387C7E7E3E0E1E1C78F060070B
798416>44 DI<70F8F8F8700505788416>I<000180000380
000380000700000700000E00000E00001C00001C0000380000380000700000700000E00000E000
01C00001C0000380000380000700000700000E00000E00001C00001C0000380000380000700000
700000E00000E00000C0000011207E9C16>I<03E0000FF8001FFC001E3C00380E00780F007007
00700700E00380E00380E00380E00380E00380E00380E00380E00380F00780700700700700780F
003C1E001E3C001FFC000FF80003E00011197E9816>I<01800380038007800F807F80FF807380
038003800380038003800380038003800380038003800380038003807FF87FFC7FF80E197C9816
>I<07E0001FF8003FFC00783E00E00700F00780F0038060038000038000038000070000070000
0E00001C0000380000700000E00001C0000380000F00001E03803803807FFF80FFFF807FFF8011
197E9816>I<07E0001FF8003FFC00781E00780700300700000700000700000E00003E0007FC00
07F00007FC00001E00000700000300000380000380600380F00380E00700781E003FFC001FF800
07E00011197E9816>I<007C0000FC0000DC0001DC00039C00039C00071C000F1C000E1C001E1C
003C1C00381C00781C00F01C00FFFFE0FFFFE0FFFFE0001C00001C00001C00001C00001C0001FF
C001FFC001FFC013197F9816>I<3FFE003FFE003FFE0038000038000038000038000038000038
00003800003BF0003FFC003FFE003C0F00300700000380000380600380F00380F00380E0070078
1E003FFC001FF80007E00011197E9816>I<00F80003FC0007FE000F07001C0F00380F00780600
700000700000E3F800EFFC00FFFE00F80F00F00700F00380E00380E00380700380700380700780
3807003C1E001FFC000FF80003E00011197E9816>II<07F0001FFC003FFE007C
1F00F00780E00380E00380E003807007007C1F001FFC0007F0001FFC003C1E00700700F00780E0
0380E00380E00380F007807007007C1F003FFE001FFC0007F00011197E9816>I<03E0000FF800
1FFC003C1E00700E00700700E00700E00780E00380E00380E00780700780780F803FFF801FFB80
0FE380000700000700300700780E00781C007078003FF0001FE0000F800011197E9816>I<70F8
F8F870000000000000000070F8F8F8700512789116>I<387C7C7C38000000000000000038787C
7C3C1C1C3870E0400618799116>I62 D<00F80003FC0007FE000F07001C3F80387F8078FF8071C3C071C3C0E381C0E3
81C0E381C0E381C0E381C0E381C0E381C071C38071C38078FF00387E001C3C000F03C007FFC003
FF0000FC0012197E9816>64 D<00E00001F00001F00001B00001B00003B80003B80003B8000318
00071C00071C00071C00071C00071C000E0E000E0E000FFE000FFE001FFF001C07001C07001C07
007F1FC0FF1FE07F1FC013197F9816>I<01F18007FB800FFF801F0F803C078038038070038070
0380F00000E00000E00000E00000E00000E00000E00000E00000F000007003807003803803803C
07001F0F000FFE0007FC0001F00011197E9816>67 D<7FF800FFFE007FFF001C0F001C07801C03
C01C01C01C01C01C01E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C01C01C01
C01C03C01C07801C0F807FFF00FFFE007FF8001319809816>I70
D<7F1FC0FFBFE07F1FC01C07001C07001C07001C07001C07001C07001C07001FFF001FFF001FFF
001C07001C07001C07001C07001C07001C07001C07001C07001C07007F1FC0FFBFE07F1FC01319
7F9816>72 DI76 DI<7E1FC0FF3FE0
7F1FC01D07001D87001D87001D87001DC7001DC7001CC7001CC7001CE7001CE7001CE7001C6700
1C67001C77001C77001C37001C37001C37001C17007F1F00FF9F007F0F0013197F9816>I<1FFC
003FFE007FFF00780F00F00780E00380E00380E00380E00380E00380E00380E00380E00380E003
80E00380E00380E00380E00380E00380F00780F00780780F007FFF003FFE001FFC0011197E9816
>I<7FF800FFFE007FFF001C0F801C03801C03C01C01C01C01C01C01C01C03C01C03801C0F801F
FF001FFE001FF8001C00001C00001C00001C00001C00001C00001C00007F0000FF80007F000012
197F9816>I<7FE000FFF8007FFC001C1E001C0F001C07001C07001C07001C07001C0F001C1E00
1FFC001FF8001FFC001C1C001C0E001C0E001C0E001C0E001C0E201C0E701C0E707F07E0FF87E0
7F03C014197F9816>82 D<07E3001FFF003FFF00781F00F00700E00700E00700E00000F0000078
00003F80001FF00007FC0000FE00000F00000700000380000380600380E00380E00700F80F00FF
FE00FFFC00C7F00011197E9816>I<7FFFE0FFFFE0FFFFE0E0E0E0E0E0E0E0E0E0E0E0E000E000
00E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E000
00E00007FC000FFE0007FC0013197F9816>I<7F07F0FF8FF87F07F01C01C01C01C01C01C01C01
C01C01C01C01C01C01C01C01C01C01C01C01C01C01C01C01C01C01C01C01C01C01C01C01C00E03
800E038007070007FF0003FE0000F8001519809816>I87 D89
D91
DII<03000F803FE0FDF8F07840100D067C9816>II<081C3C7870E0E0E0E0F0F87830060D789B16>I<1FE0003FF000
7FF800783C00300E00000E00000E0003FE001FFE003E0E00700E00E00E00E00E00E00E00783E00
7FFFE03FE7E00F83E013127E9116>I<7E0000FE00007E00000E00000E00000E00000E00000E3E
000EFF000FFF800F83C00F00E00E00E00E00700E00700E00700E00700E00700E00700E00E00F01
E00F83C00FFF800EFF00063C001419809816>I<03F80FFC1FFE3C1E780C7000E000E000E000E0
00E000F000700778073E0E1FFC0FF803F010127D9116>I<003F00007F00003F00000700000700
00070000070003C7000FF7001FFF003C1F00780F00700700E00700E00700E00700E00700E00700
E00700700F00700F003C1F001FFFE00FE7F007C7E014197F9816>I<03E00FF81FFC3C1E780E70
07E007FFFFFFFFFFFFE000E000700778073C0F1FFE0FFC03F010127D9116>I<001F00007F8000
FF8001E78001C30001C00001C0007FFF00FFFF00FFFF0001C00001C00001C00001C00001C00001
C00001C00001C00001C00001C00001C00001C0003FFE007FFF003FFE0011197F9816>I<03E3C0
07F7E00FFFE01C1CC0380E00380E00380E00380E00380E001C1C000FF8001FF0001BE000380000
1800001FFC001FFF003FFF807803C0E000E0E000E0E000E0E000E07001C07C07C03FFF800FFE00
03F800131C7F9116>I<7E0000FE00007E00000E00000E00000E00000E00000E3C000EFE000FFF
000F87800F03800E03800E03800E03800E03800E03800E03800E03800E03800E03800E03807FC7
F0FFE7F87FC7F01519809816>I<018003C003C0018000000000000000007FC07FC07FC001C001
C001C001C001C001C001C001C001C001C001C001C07FFFFFFF7FFF101A7D9916>I<0030007800
78003000000000000000001FF81FF81FF800380038003800380038003800380038003800380038
003800380038003800380038003800386070F0F0FFE07FC03F800D237E9916>I<7E0000FE0000
7E00000E00000E00000E00000E00000E7FE00E7FE00E7FE00E0F000E1E000E3C000E78000EF000
0FF0000FF8000FBC000F1E000E0E000E07000E07807F87F0FFCFF07F87F01419809816>III<7E3C00FEFE007FFF000F87800F0380
0E03800E03800E03800E03800E03800E03800E03800E03800E03800E03807FC7F0FFE7F87FC7F0
1512809116>I<03E0000FF8001FFC003C1E00780F00700700E00380E00380E00380E00380E003
80F00780700700780F003C1E001FFC000FF80003E00011127E9116>I<7E3E00FEFF007FFF800F
83C00F00E00E00E00E00700E00700E00700E00700E00700E00700E00E00F01E00F83C00FFF800E
FF000E3C000E00000E00000E00000E00000E00000E00007FC000FFE0007FC000141B809116>I<
07C7000FE7001FF7003C1F00700F00700F00E00700E00700E00700E00700E00700E00700700F00
700F003C3F003FF7001FE70007C700000700000700000700000700000700000700003FE0007FF0
003FE0141B7E9116>II<0FEC3FFC7FFCF0
3CE01CE01C70007F801FF007F8003C600EE00EF00EF81EFFFCFFF8C7E00F127D9116>I<030000
0700000700000700000700007FFF00FFFF00FFFF00070000070000070000070000070000070000
07000007010007038007038007038007870003FE0001FC0000F80011177F9616>I<7E1F80FE3F
807E1F800E03800E03800E03800E03800E03800E03800E03800E03800E03800E03800E03800E0F
800FFFF007FBF803E3F01512809116>I<7F1FC0FF1FE07F1FC01C07001E0F000E0E000E0E000E
0E00071C00071C00071C00071C0003B80003B80003B80001F00001F00000E00013127F9116>I<
FF1FE0FFBFE0FF1FE038038038038038038038038038E38019F30019F30019B3001DB7001DB700
1DB7001DB7000F1E000F1E000F1E0013127F9116>I<7F1FC07F3FC07F1FC00F1C00073C0003B8
0003F00001F00000E00001E00001F00003B800073C00071C000E0E007F1FC0FF3FE07F1FC01312
7F9116>I<7F1FC0FF9FE07F1FC01C07000E07000E0E000E0E00070E00071C00071C00039C0003
9C0003980001B80001B80000F00000F00000F00000E00000E00000E00001C00079C0007BC0007F
80003F00003C0000131B7F9116>I<7C0000FF0000FF800003C00001C00001C00001C00001C000
01C00001C00001C00001C00001C00001E00000FF00007F80007F8000FF0001E00001C00001C000
01C00001C00001C00001C00001C00001C00001C00003C000FF8000FF00007C000011207E9C16>
125 D E /Fk 36 122 df<007E0001C1800301800703C00E03C00E01800E00000E00000E00000E
00000E0000FFFFC00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E
01C00E01C00E01C00E01C00E01C00E01C07F87F8151D809C17>12 D<60F0F07010101010202040
80040C7C830C>44 DI<60F0F06004047C830C>I<60F0F0600000000000
000000000060F0F06004127C910C>58 D70
D73 D77 DI<003F800000E0E0000380380007001C000E000E
001C0007003C00078038000380780003C0780003C0700001C0F00001E0F00001E0F00001E0F000
01E0F00001E0F00001E0F00001E0F00001E0700001C0780003C0780003C0380003803C0007801C
0007000E000E0007001C000380380000E0E000003F80001B1E7E9C20>I<07E0801C1980300580
700380600180E00180E00080E00080E00080F00000F800007C00007FC0003FF8001FFE0007FF00
00FF80000F800007C00003C00001C08001C08001C08001C0C00180C00180E00300D00200CC0C00
83F800121E7E9C17>83 D<7FFFFFC0700F01C0600F00C0400F0040400F0040C00F0020800F0020
800F0020800F0020000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F00
00000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000001F
800003FFFC001B1C7F9B1E>II87 D<1FC000307000783800781C00301C00001C00001C0001FC
000F1C00381C00701C00601C00E01C40E01C40E01C40603C40304E801F870012127E9115>97
DI<07E00C301878307870306000E000E000E000E000E000
E00060007004300418080C3007C00E127E9112>I<003F00000700000700000700000700000700
00070000070000070000070000070003E7000C1700180F00300700700700600700E00700E00700
E00700E00700E00700E00700600700700700300700180F000C370007C7E0131D7E9C17>I<03E0
0C301818300C700E6006E006FFFEE000E000E000E00060007002300218040C1803E00F127F9112
>I<00F8018C071E061E0E0C0E000E000E000E000E000E00FFE00E000E000E000E000E000E000E
000E000E000E000E000E000E000E000E000E007FE00F1D809C0D>I<00038003C4C00C38C01C38
80181800381C00381C00381C00381C001818001C38000C300013C0001000003000001800001FF8
001FFF001FFF803003806001C0C000C0C000C0C000C06001803003001C0E0007F800121C7F9215
>II<18003C003C00180000000000000000000000000000
00FC001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C00FF80091D
7F9C0C>I107 DIII<03F0000E1C00180600300300700380600180E001C0E001C0E001C0
E001C0E001C0E001C06001807003803003001806000E1C0003F00012127F9115>II114 D<1F9030704030C010C010E010F8007F803FE00FF000F880388018C018C018E0
10D0608FC00D127F9110>I<04000400040004000C000C001C003C00FFE01C001C001C001C001C
001C001C001C001C001C101C101C101C101C100C100E2003C00C1A7F9910>IIII121 D E /Fl 7 117 df<00038000000380000007C0000007C0000007C000000FE000
000FE000001FF000001BF000001BF0000031F8000031F8000061FC000060FC0000E0FE0000C07E
0000C07E0001803F0001FFFF0003FFFF8003001F8003001F8006000FC006000FC00E000FE00C00
07E0FFC07FFEFFC07FFE1F1C7E9B24>65 D<0FF8001C1E003E0F803E07803E07C01C07C00007C0
007FC007E7C01F07C03C07C07C07C0F807C0F807C0F807C0780BC03E13F80FE1F815127F9117>
97 DI<03FC000E0E001C1F003C1F00781F00780E00F800
00F80000F80000F80000F80000F800007800007801803C01801C03000E0E0003F80011127E9115
>I114 D<1FD830786018E018E018F000FF
807FE07FF01FF807FC007CC01CC01CE01CE018F830CFC00E127E9113>I<030003000300030007
0007000F000F003FFCFFFC1F001F001F001F001F001F001F001F001F001F0C1F0C1F0C1F0C0F08
079803F00E1A7F9913>I E /Fm 13 122 df<3078FCFC7830060676851A>46
D<003E0001FF8003FFC007C1E00F00E01E0F703C3FF0387FF07070F870E07870E078E1C038E1C0
38E1C038E1C038E1C038E1C038E1C038E1C03870E07070E0707070E0387FE03C3FC01E0F000F00
3807C0F803FFF001FFE0003F00151E7E9D1A>64 D<1FF0003FFC007FFE00780F00300700000380
000380007F8007FF801FFF803F8380780380700380E00380E00380E00380700780780F803FFFFC
1FFDFC07F0FC16157D941A>97 DI<00FF8003FFC0
0FFFE01F01E03C00C0780000700000700000E00000E00000E00000E00000E00000700000700000
7800703C00701F01F00FFFE003FFC000FE0014157D941A>I<01F80007FF000FFF801E07C03C01
C07800E07000E0E00070E00070FFFFF0FFFFF0FFFFF0E000007000007000007800703C00701F01
F00FFFE003FFC000FE0014157D941A>101 D108
D<7CE0E000FFFBF8007FFFF8001F1F1C001E1E1C001E1E1C001C1C1C001C1C1C001C1C1C001C1C
1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C007F1F1F00FF
9F9F807F1F1F00191580941A>I<01F00007FC001FFF003E0F803C07807803C07001C0E000E0E0
00E0E000E0E000E0E000E0E000E0F001E07001C07803C03C07803E0F801FFF0007FC0001F00013
157D941A>111 D<07FB801FFF807FFF80780780E00380E00380E003807800007FC0003FFC0007
FE00003F800007806001C0E001C0E001C0F003C0FC0780FFFF00EFFE00E3F80012157C941A>
115 D<00C00001C00001C00001C00001C00001C00001C0007FFFE0FFFFE0FFFFE001C00001C000
01C00001C00001C00001C00001C00001C00001C00001C00001C07001C07001C07001C07000E0E0
00FFE0007FC0001F00141C7F9B1A>II<7FC3FCFFC7FE7FC3FC0E00E00E00E00700E00701C00781C00381C003838003
C38001C38001C70000E70000E70000E600006600006E00003C00003C00003C0000380000380000
380000700000700030700078E00071E0007FC0003F80001E000017207F941A>121
D E /Fn 21 122 df<0007800000001C6003800030100780006010078000E010038000C0100100
01C07001000380F002000380F002000380600400070000080007000010000700006000073C00A0
0007E20310000781041000070108080007011008000F022008001F842008001C782C08003C003E
080038003E080078001C0800780000080078000008007000001000F00000100070000020007000
0020007800004000380000800038000100001C000200000E000C00000380700000007F80000021
257BA325>38 D<0E1E1E1E1E02020404080810204080070F7D840F>44 D<000003000000030000
0007000000070000000F0000000F0000001F0000002F0000002F0000004F0000004F8000008780
000087800001078000020780000207800004078000040780000807800008078000100780003007
8000200780007FFF80004007C0008007C0008003C0010003C0030003C0020003C0040003C00400
03C00C0003C03C0007C0FF003FFC1E237DA224>65 D<00FFFFE0000F0038000F001C000F001E00
1E000E001E000F001E000F001E000F003C000E003C001E003C001E003C003C00780078007800F0
007801E00078078000FFFF8000F001E000F000F000F0007801E0007801E0003801E0003C01E000
3C03C0007803C0007803C0007803C000F0078000F0078001E0078003C0078007000F801E00FFFF
F00020227DA122>I<00FFF87FFC000F000780000F000780000F000780001E000F00001E000F00
001E000F00001E000F00003C001E00003C001E00003C001E00003C001E000078003C000078003C
000078003C000078003C0000FFFFF80000F000780000F000780000F000780001E000F00001E000
F00001E000F00001E000F00003C001E00003C001E00003C001E00003C001E000078003C0000780
03C000078003C000078003C0000F8007C000FFF87FFC0026227DA124>72
D<0007FFC000003C0000003C0000003C00000078000000780000007800000078000000F0000000
F0000000F0000000F0000001E0000001E0000001E0000001E0000003C0000003C0000003C00000
03C00000078000000780000007800000078000000F0000000F0000380F0000780F0000F81E0000
F81E0000F03C0000403800004070000021E000001F8000001A237CA11A>74
D<00FFFC00000F8000000F0000000F0000001E0000001E0000001E0000001E0000003C0000003C
0000003C0000003C00000078000000780000007800000078000000F0000000F0000000F0000000
F0000001E0000001E0000001E0002001E0002003C0004003C0004003C0008003C0008007800180
078001000780030007800F000F803E00FFFFFE001B227DA11F>76 D<00FF800007FC000F80000F
80000F80001780000F80001780001780002F000013C0002F000013C0004F000013C0008F000023
C0009E000023C0011E000023C0011E000023C0021E000043C0043C000043C0043C000043C0083C
000041E0083C000081E01078000081E02078000081E02078000081E04078000101E040F0000101
E080F0000101E100F0000101E100F0000200F201E0000200F201E0000200F401E0000200F801E0
000400F803C0000400F003C0000400F003C0000C00E003C0001E00C007C000FFC0C07FFC002E22
7DA12C>I<00FF000FFC000F8001E0000F800180000FC000800013C001000013C001000011E001
000011E001000021E002000020F002000020F002000020F0020000407804000040780400004078
040000403C040000803C080000803E080000801E080000801E080001001F100001000F10000100
0F10000100079000020007A000020007A000020003E000020003E000040003C000040001C00004
0001C0000C0001C0001E00008000FFC000800026227DA124>I<1FFFFFF81E03C0381803C01830
03C01820078018200780184007801040078010400F0010800F0010800F0010000F0000001E0000
001E0000001E0000001E0000003C0000003C0000003C0000003C00000078000000780000007800
000078000000F0000000F0000000F0000000F0000001E0000001E0000001E0000001E0000003E0
0000FFFF00001D2277A123>84 D<00F8C00185C00705C00E03800E03801C03803C038038070078
0700780700780700F00E00F00E00F00E00F00E10F01C20701C20703C20305C40308C400F078014
157B9419>97 D<03C03F8003800380038007000700070007000E000E000E000E001C001CF81D0C
1E0E3C0638073807380F700F700F700F700FE01EE01EE01EE03CE038E038607060E031C01F0010
237BA216>I<00F803840E021C023C0238027804F018FFE0F000F000E000E000E000E000E002E0
026004701830600F800F157A9416>101 D<00C001E001C001C000000000000000000000000000
0000001C002300430043008700870087000E000E001C001C001C00380038003840708070807080
710032001C000B217BA00F>105 D<01E01FC001C001C001C00380038003800380070007000700
07000E000E000E000E001C001C001C001C0038003800380038007000700070007100E200E200E2
00E200640038000B237CA20C>108 D<007E0001C3000381800701C00E01C01C01E03C01E03801
E07801E07801E07801E0F003C0F003C0F00380F00780700700700E00700C0030180018700007C0
0013157B9419>111 D<1C1F002620804741C08783C08703C08701808700000E00000E00000E00
000E00001C00001C00001C00001C000038000038000038000038000070000030000012157B9415
>114 D<00FC000183000200800401800C03800C03000C00000F00000FF00007FC0003FE00003E
00000F00000700700700F00600F00600E004004008002030001FC00011157D9414>I<00C001C0
01C001C001C003800380038003800700FFF8070007000E000E000E000E001C001C001C001C0038
00380038003810702070207040708031001E000D1F7C9E10>I<1E00602300E04380E04381C083
81C08701C08701C00703800E03800E03800E03801C07001C07001C07001C07081C0E10180E101C
0E101C1E200C262007C3C015157B941A>I<1E00302300704380704380E08380E08700E08700E0
0701C00E01C00E01C00E01C01C03801C03801C03801C03801C07001C07001C07001C0F000C3E00
03CE00000E00000E00001C00601C00F03800F03000E0600080C0004380003E0000141F7B9418>
121 D E /Fo 20 119 df<70F8FCFC7404040404080810102040060F7C840E>44
D<70F8F8F87005057C840E>46 D<008003800F80F3800380038003800380038003800380038003
8003800380038003800380038003800380038003800380038003800380038003800380038007C0
FFFE0F217CA018>49 D<03F0000C1C001007002007804003C04003C08003E0F003E0F801E0F801
E0F801E02003E00003E00003C00003C0000780000700000E00001C0000180000300000600000C0
000180000100000200200400200800201800603000403FFFC07FFFC0FFFFC013217EA018>I<10
00801E07001FFF001FFE001FF80013E00010000010000010000010000010000010000010F80013
0E001407001803801003800001C00001C00001E00001E00001E00001E07001E0F001E0F001E0E0
01C08001C04003C04003802007001006000C1C0003F00013227EA018>53
D<01F000060C000C0600180700380380700380700380F001C0F001C0F001C0F001E0F001E0F001
E0F001E0F001E07001E07003E03803E01805E00C05E00619E003E1E00001C00001C00001C00003
80000380300300780700780600700C002018001030000FC00013227EA018>57
D<0001800000018000000180000003C0000003C0000003C0000005E0000005E000000DF0000008
F0000008F0000010F800001078000010780000203C0000203C0000203C0000401E0000401E0000
401E0000800F0000800F0000FFFF000100078001000780030007C0020003C0020003C0040003E0
040001E0040001E00C0000F00C0000F03E0001F8FF800FFF20237EA225>65
DI77 D<03F0200C0C601802603001E07000E0600060E00060E00060E00020E000
20E00020F00000F000007800007F00003FF0001FFE000FFF0003FF80003FC00007E00001E00000
F00000F0000070800070800070800070800070C00060C00060E000C0F000C0C80180C6070081FC
0014247DA21B>83 D<01FC000707000C03801C01C03801C07801E07000E0F000E0FFFFE0F00000
F00000F00000F00000F000007000007800203800201C00400E008007030000FC0013157F9416>
101 D<00007001F198071E180E0E181C07001C07003C07803C07803C07803C07801C07001C0700
0E0E000F1C0019F0001000001000001800001800001FFE000FFFC00FFFE03800F0600030400018
C00018C00018C000186000306000303800E00E038003FE0015217F9518>103
D<1C003E003E003E001C00000000000000000000000000000000000E00FE001E000E000E000E00
0E000E000E000E000E000E000E000E000E000E000E000E000E000E00FFC00A227FA10E>105
D<0E00FE001E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E00
0E000E000E000E000E000E000E000E000E000E000E000E000E000E000E00FFE00B237FA20E>
108 D<0E1F80FE60C01E80E00F00700F00700E00700E00700E00700E00700E00700E00700E0070
0E00700E00700E00700E00700E00700E00700E00700E0070FFE7FF18157F941B>110
D<01FC000707000C01801800C03800E0700070700070F00078F00078F00078F00078F00078F000
78F000787000707800F03800E01C01C00E038007070001FC0015157F9418>I<0F8830786018C0
18C008C008E008F0007F803FE00FF001F8003C801C800C800CC00CC008E018D0308FC00E157E94
13>115 D<02000200020002000600060006000E001E003E00FFF80E000E000E000E000E000E00
0E000E000E000E000E000E040E040E040E040E040E040708030801F00E1F7F9E13>I<0E0070FE
07F01E00F00E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E
00700E00700E00F00E00F006017003827800FC7F18157F941B>II E /Fp 43 122 df<003F800001FFF00007E0FC00
0FC07E001F803F001F803F003F001F803F001F807F001FC07F001FC07F001FC07F001FC0FF001F
E0FF001FE0FF001FE0FF001FE0FF001FE0FF001FE0FF001FE0FF001FE0FF001FE0FF001FE0FF00
1FE0FF001FE0FF001FE0FF001FE0FF001FE07F001FC07F001FC07F001FC07F001FC03F001F803F
001F801F803F001F803F000FC07E0007E0FC0001FFF000003F80001B277DA622>48
D<000E00001E00007E0007FE00FFFE00FFFE00F8FE0000FE0000FE0000FE0000FE0000FE0000FE
0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE
0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE007FFFFE7FFFFE7FFF
FE17277BA622>I<00FF800003FFF0000FFFFC001F03FE003800FF007C007F80FE003FC0FF003F
C0FF003FE0FF001FE0FF001FE07E001FE03C003FE000003FE000003FC000003FC000007F800000
7F000000FE000000FC000001F8000003F0000003E00000078000000F0000001E0000003C00E000
7000E000E000E001C001C0038001C0070001C00FFFFFC01FFFFFC03FFFFFC07FFFFFC0FFFFFF80
FFFFFF80FFFFFF801B277DA622>I<007F800003FFF00007FFFC000F81FE001F00FF003F80FF00
3F807F803F807F803F807F801F807F800F007F800000FF000000FF000000FE000001FC000001F8
000007F00000FFC00000FFF0000001FC0000007E0000007F0000007F8000003FC000003FC00000
3FE000003FE03C003FE07E003FE0FF003FE0FF003FE0FF003FC0FF007FC07E007F807C007F003F
01FE001FFFFC0007FFF00000FF80001B277DA622>I<00000E0000001E0000003E0000007E0000
00FE000000FE000001FE000003FE0000077E00000E7E00000E7E00001C7E0000387E0000707E00
00E07E0000E07E0001C07E0003807E0007007E000E007E000E007E001C007E0038007E0070007E
00E0007E00FFFFFFF8FFFFFFF8FFFFFFF80000FE000000FE000000FE000000FE000000FE000000
FE000000FE000000FE00007FFFF8007FFFF8007FFFF81D277EA622>I<0C0003000F803F000FFF
FE000FFFFC000FFFF8000FFFF0000FFFE0000FFFC0000FFE00000E0000000E0000000E0000000E
0000000E0000000E0000000E7FC0000FFFF8000F80FC000E003E000C003F0000001F8000001FC0
00001FC000001FE000001FE018001FE07C001FE0FE001FE0FE001FE0FE001FE0FE001FC0FC001F
C078003F8078003F803C007F001F01FE000FFFF80003FFF00000FF80001B277DA622>I<0007F0
00003FFC0000FFFE0001FC0F0003F01F8007E03F800FC03F801FC03F801F803F803F801F003F80
00007F0000007F0000007F000000FF000000FF0FC000FF3FF800FF707C00FFC03E00FFC03F00FF
801F80FF801FC0FF001FC0FF001FE0FF001FE0FF001FE07F001FE07F001FE07F001FE07F001FE0
3F001FE03F001FC01F801FC01F803F800FC03F0007E07E0003FFFC0000FFF000003FC0001B277D
A622>I<380000003E0000003FFFFFF03FFFFFF03FFFFFF07FFFFFE07FFFFFC07FFFFF807FFFFF
0070000E0070000E0070001C00E0003800E0007000E000E0000000E0000001C000000380000007
800000078000000F0000000F0000001F0000001F0000003F0000003E0000003E0000007E000000
7E0000007E0000007E000000FE000000FE000000FE000000FE000000FE000000FE000000FE0000
00FE0000007C0000003800001C297CA822>I<003FC00001FFF00003FFFC0007C07E000F003F00
1E001F001E000F803E000F803E000F803F000F803F000F803FC00F003FF01F001FFC1E001FFE3C
000FFFF80007FFE00003FFF80001FFFC0001FFFE0007FFFF000F0FFF801E03FFC03C01FFC07C00
7FE078001FE0F80007E0F80007E0F80003E0F80003E0F80003E0F80003C07C0003C07C0007803F
000F001FC03E000FFFFC0003FFF800007FC0001B277DA622>I<007F800001FFF00007FFF8000F
E0FC001F807E003F803F007F003F007F001F80FF001F80FF001FC0FF001FC0FF001FC0FF001FE0
FF001FE0FF001FE0FF001FE07F001FE07F003FE03F003FE01F807FE00F807FE007C1DFE003FF9F
E0007E1FE000001FE000001FC000001FC000001FC000003F801F003F803F803F003F803F003F80
7E003F807C001F01F8001E03F0000FFFE00007FF800001FE00001B277DA622>I<000003800000
000007C00000000007C0000000000FE0000000000FE0000000000FE0000000001FF0000000001F
F0000000003FF8000000003FF8000000003FF80000000073FC0000000073FC00000000F3FE0000
0000E1FE00000000E1FE00000001C0FF00000001C0FF00000003C0FF80000003807F8000000780
7FC0000007003FC0000007003FC000000E003FE000000E001FE000001E001FF000001C000FF000
001FFFFFF000003FFFFFF800003FFFFFF80000780007FC0000700003FC0000700003FC0000E000
01FE0000E00001FE0001E00001FF0001C00000FF0001C00000FF00FFFE001FFFFEFFFE001FFFFE
FFFE001FFFFE2F297EA834>65 DI<00003FF00180
0003FFFE0380000FFFFF8780003FF007DF8000FF8001FF8001FE00007F8003FC00003F8007F000
001F800FF000000F801FE0000007801FE0000007803FC0000007803FC0000003807FC000000380
7F80000003807F8000000000FF8000000000FF8000000000FF8000000000FF8000000000FF8000
000000FF8000000000FF8000000000FF8000000000FF80000000007F80000000007F8000000000
7FC0000003803FC0000003803FC0000003801FE0000003801FE0000007000FF00000070007F000
000E0003FC00001E0001FE00003C0000FF8000F800003FF007E000000FFFFFC0000003FFFF0000
00003FF8000029297CA832>IIII
73 D82 D<7FFFFFFFFFC07FFFFFFFFFC07FFFFFFF
FFC07F803FC03FC07E003FC007C078003FC003C078003FC003C070003FC001C0F0003FC001E0F0
003FC001E0E0003FC000E0E0003FC000E0E0003FC000E0E0003FC000E0E0003FC000E000003FC0
000000003FC0000000003FC0000000003FC0000000003FC0000000003FC0000000003FC0000000
003FC0000000003FC0000000003FC0000000003FC0000000003FC0000000003FC0000000003FC0
000000003FC0000000003FC0000000003FC0000000003FC0000000003FC0000000003FC0000000
003FC0000000003FC00000007FFFFFE000007FFFFFE000007FFFFFE0002B287EA730>84
D87 D<01FF800007FFF0000F81F800
1FC07E001FC07E001FC03F000F803F8007003F8000003F8000003F8000003F80000FFF8000FFFF
8007FC3F800FE03F803F803F803F003F807F003F80FE003F80FE003F80FE003F80FE003F807E00
7F807F00DF803F839FFC0FFF0FFC01FC03FC1E1B7E9A21>97 DI<001FF80000FFFE0003F01F0007E03F800FC03F801F803F803F801F007F80
0E007F0000007F000000FF000000FF000000FF000000FF000000FF000000FF000000FF0000007F
0000007F0000007F8000003F8001C01F8001C00FC0038007E0070003F01E0000FFFC00001FE000
1A1B7E9A1F>I<00003FF80000003FF80000003FF800000003F800000003F800000003F8000000
03F800000003F800000003F800000003F800000003F800000003F800000003F800000003F80000
0003F800001FE3F80000FFFBF80003F03FF80007E00FF8000FC007F8001F8003F8003F8003F800
7F0003F8007F0003F8007F0003F800FF0003F800FF0003F800FF0003F800FF0003F800FF0003F8
00FF0003F800FF0003F8007F0003F8007F0003F8007F0003F8003F8003F8001F8003F8000F8007
F80007C00FF80003F03BFF8000FFF3FF80003FC3FF80212A7EA926>I<003FE00001FFF80003F0
7E0007C01F000F801F801F800F803F800FC07F000FC07F0007C07F0007E0FF0007E0FF0007E0FF
FFFFE0FFFFFFE0FF000000FF000000FF0000007F0000007F0000007F0000003F8000E01F8000E0
0FC001C007E0038003F81F0000FFFE00001FF0001B1B7E9A20>I<0007F0003FFC00FE3E01F87F
03F87F03F07F07F07F07F03E07F00007F00007F00007F00007F00007F00007F000FFFFC0FFFFC0
FFFFC007F00007F00007F00007F00007F00007F00007F00007F00007F00007F00007F00007F000
07F00007F00007F00007F00007F00007F00007F00007F00007F0007FFF807FFF807FFF80182A7E
A915>I<00FF81F003FFE7F80FC1FE7C1F80FC7C1F007C383F007E107F007F007F007F007F007F
007F007F007F007F007F007F003F007E001F007C001F80FC000FC1F8001FFFE00018FF80003800
0000380000003C0000003E0000003FFFF8001FFFFF001FFFFF800FFFFFC007FFFFE01FFFFFF03E
0007F07C0001F8F80000F8F80000F8F80000F8F80000F87C0001F03C0001E01F0007C00FC01F80
03FFFE00007FF0001E287E9A22>II<0700
0F801FC03FE03FE03FE01FC00F8007000000000000000000000000000000FFE0FFE0FFE00FE00F
E00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE0
FFFEFFFEFFFE0F2B7DAA14>I107
DII
I<003FE00001FFFC0003F07E000FC01F801F800FC03F800FE03F0007E07F0007F07F0007F07F00
07F0FF0007F8FF0007F8FF0007F8FF0007F8FF0007F8FF0007F8FF0007F8FF0007F87F0007F07F
0007F03F800FE03F800FE01F800FC00FC01F8007F07F0001FFFC00003FE0001D1B7E9A22>II114 D<03FE300FFFF01E03F03800F0700070F00070F00070
F80070FC0000FFE0007FFE007FFF803FFFE01FFFF007FFF800FFF80003FC0000FC60007CE0003C
F0003CF00038F80038FC0070FF01E0F7FFC0C1FF00161B7E9A1B>I<0070000070000070000070
0000F00000F00000F00001F00003F00003F00007F0001FFFF0FFFFF0FFFFF007F00007F00007F0
0007F00007F00007F00007F00007F00007F00007F00007F00007F00007F00007F03807F03807F0
3807F03807F03807F03803F03803F87001F86000FFC0001F8015267FA51B>IIIIII E /Fq 24 122 df<0FFE00E000E000E000E001C001C001C001C001C001
C00380038003800380038003800700070007000700070007000E000F00FFE00F1A7F990E>73
D<0FE01FF000F0038000F0010000B0010000B8010001380200011C0200011C0200010E0200010E
020001070200020704000207040002038400020384000201C4000201C4000400E8000400E80004
00E8000400780004007800040038000C0030001C001000FF8010001C1A7E991D>78
D<0FFFF000E03C00E00E00E00F00E00F01C00F01C00F01C00F01C00F01C00E01C01C0380380380
7003FFC00380000380000380000700000700000700000700000700000700000E00000F0000FFE0
00181A7E991A>80 D<007C200183600200E00400E00C00600800401800401800401C00001E0000
0F800007F80003FE0000FF00000F80000380000180000180400180400180400180400300600200
F00600CC180083F000131A7E9915>83 D<3FFFFF80380E0380200E0180600E0080400E0080401C
0080801C0080801C0080001C0000001C0000001C00000038000000380000003800000038000000
3800000038000000700000007000000070000000700000007000000070000000E0000000F00000
1FFF0000191A7C991C>II<07FE0FF800F003C000700300007002000038040000
380800001C1000001C3000000E2000000E4000000780000007000000038000000780000005C000
0009C0000010E0000020E0000040700000C07000018038000100380002001C0006001C001E003E
00FF80FFC01D1A7F991D>88 D<01FC06060C0E1804300070007000E000E000E000E00060007004
3008183007C00F107E8F11>99 D<000FC00001C00001C00001C00001C000038000038000038000
038000038001F380070F000C0700180700300700700700700700E00E00E00E00E00E00E00E0060
0E00600E00301C00187E000F9F80121A7E9915>I<01F006181C0C380C300E700E7FFEE000E000
E000E000600060043008183007C00F107E8F11>I<001E006300E701C601C00380038003800380
03803FF00700070007000700070007000E000E000E000E000E000E001C001E00FFC0101A7F990C
>I<00F8E0038F600706000E07000E07000E07000E0E000E0C0006180009F00018000018000018
00001FF8000FFE000FFF00300700600380600180C00300600300600600381C000FE0001318808F
13>I<0FC00001C00001C00001C00001C000038000038000038000038000038000039E00076300
0783800783800703800703800703800E07000E07000E07000E07000E07000E07001C0E001C0E00
FF9FC0121A7F9915>I<018003C003C001800000000000000000000000001F8007000700070007
00070007000E000E000E000E000E000E001C001C00FF800A1A80990A>I<1F9F07C00721886007
41D0700781E0700701C0700701C0700701C0700E0380E00E0380E00E0380E00E0380E00E0380E0
0E0380E01C0701C01C0701C0FF9FE7F81D107F8F20>109 D<1F9E000763000783800783800703
800703800703800E07000E07000E07000E07000E07000E07001C0E001C0E00FF9FC012107F8F15
>I<01F0060C1C061807300370037003E007E007E007E007600E600C301818700FC010107E8F13>
I<0FDF0003A0C003C0600380700380700380700380700700700700700700700700600700E00701
C00F03800E87000E7C000E00000E00000E00001C00001C00001C0000FF80001417808F15>I<1F
B8074C079C07880700070007000E000E000E000E000E000E001C001E00FFC00E107F8F0F>114
D<07EC0C181008300830083C003FC01FE007F00078403840184010E030D0608F800E107F8F0F>
I<02000600040004000C001C003C00FFC038003800380038003800380070007000708070807080
7080710072001C000A177C960F>II<3FC7E007838007820003840003C80001D00000F00000E000
00F00000F000013800023800041C00081C00381E00FC3FC013107F8F14>120
D<1FE1F80380E00380C003808003810001C10001C20001C20001C40000E40000E80000F80000F0
0000E000006000004000004000008000008000610000E20000E400007800001517808F14>I
E /Fr 19 117 df<70F8FCFCFC7C04040808102040060D7D850C>44 D<78FCFCFCFC7806067D85
0C>46 D<00C003C0FFC0FFC003C003C003C003C003C003C003C003C003C003C003C003C003C003
C003C003C003C003C07FFE7FFE0F187D9716>49 D<0FF0003FFC00787E00FC1F00FC1F80FC0F80
FC0F80780F80001F80001F00001E00003C0000780000700000E0000180000301800601800C0180
1003803FFF007FFF00FFFF00FFFF0011187E9716>I<07E0001FF8003C1C00781E00780F00F80F
00F80F00F80F80F80F80F80F80F80F80781F80381F801C2F8007CF80000F80000F00380F007C1F
007C1E00783C003078001FF0000FC00011187E9716>57 D66 D<07F0401FFDC03C0FC07803C07001C0F001C0F000
C0F000C0F80000FF00007FF8003FFF001FFF800FFFC001FFE0000FE00003F00001F0C000F0C000
F0C000F0E000E0F001E0FC03C0EFFF8083FE00141A7E9919>83 D<7FFFFF807FFFFF80781F0780
701F0380601F0180E01F01C0C01F00C0C01F00C0C01F00C0001F0000001F0000001F0000001F00
00001F0000001F0000001F0000001F0000001F0000001F0000001F0000001F0000001F0000001F
0000001F000007FFFC0007FFFC001A1A7E991F>I<0FF0001C3C003E1E003E0E003E0F001C0F00
000F0000FF000FCF003E0F007C0F00F80F00F80F00F80F00F817007C27E01FC3E013117F9015>
97 DI<03F0000E1C001C0E003C0700780700780780F80780F80780FFFF80F800
00F800007800007800003C01801C03000E060003FC0011117F9014>101
D<3C007E007E007E007E003C0000000000000000007E007E001E001E001E001E001E001E001E00
1E001E001E001E001E001E00FF80FF80091B7F9A0D>105 D108 DII<03F8000E0E003C07803803807803C07803C0F803E0F803E0F803E0F803E0F803E0F803E078
03C07C07C03C07800E0E0003F80013117F9016>II114 D<06000600060006000E000E001E
003FF0FFF01E001E001E001E001E001E001E001E001E181E181E181E181E180F3003E00D187F97
11>116 D E end
%%EndProlog
%%BeginSetup
%%Feature: *Resolution 300dpi
TeXDict begin
%%EndSetup
%%Page: 1 1
0 bop 75 61 a Fr(T)l(o)13 b(app)q(ear)g(in)f Fq(Pro)q(ceedings)h(of)e(the)g
(Third)h(Usenix)g(UNIX)f(Securit)o(y)h(Sympisum)p Fr(,)j(Baltimore,)f(Septem)
o(b)q(er)e(1992.)p 75 70 1800 2 v 699 367 a Fp(There)22 b(Be)h(Dragons)773
495 y Fo(Stev)o(en)15 b(M.)g(Bello)o(vin)716 553 y Fn(A)l(T&T)j(Bel)r(l)h(L)n
(ab)n(or)n(atories)801 611 y(Murr)n(ay)d(Hil)r(l,)j(NJ)719
669 y Fm(smb@ulyss)o(es.)o(att)o(.c)o(om)802 771 y Fo(August)e(15,)f(1992)884
943 y Fl(Abstract)251 1024 y Fk(Our)h(securit)o(y)g(gatew)o(a)o(y)f(to)g(the)
h(In)o(ternet,)h Fj(research.att.com)p Fk(,)13 b(pro)o(vides)k(only)e(a)i
(limited)189 1073 y(set)g(of)f(services.)29 b(Most)17 b(of)f(the)h(standard)g
(serv)o(ers)i(ha)o(v)o(e)d(b)q(een)i(replaced)g(b)o(y)e(a)h(v)n(ariet)o(y)f
(of)g(trap)189 1123 y(programs)c(that)i(lo)q(ok)f(for)h(attac)o(ks.)19
b(Using)14 b(these,)h(w)o(e)f(ha)o(v)o(e)g(detected)i(a)d(wide)h(v)n(ariet)o
(y)g(of)f(p)q(ok)o(es,)189 1173 y(ranging)e(from)g(simple)g(do)q(orknob-t)o
(wisting)h(to)g(determined)h(assaults.)k(The)c(attac)o(ks)g(range)g(from)189
1223 y(simple)e(attempts)i(to)g(log)f(in)g(as)h Fj(guest)f
Fk(to)h(forged)g(NFS)g(pac)o(k)o(ets.)19 b(W)m(e)12 b(b)q(eliev)o(e)i(that)f
(man)o(y)e(other)189 1273 y(sites)18 b(are)g(b)q(eing)f(prob)q(ed)h(but)g
(are)g(una)o(w)o(are)f(of)g(it:)25 b(the)18 b(standard)g(net)o(w)o(ork)g
(daemons)e(do)h(not)189 1322 y(pro)o(vide)e(administrators)e(with)i(either)h
(appropriate)f(con)o(trols)g(and)g(\014lters)h(or)f(with)g(the)g(logging)189
1372 y(necessary)h(to)d(detect)j(attac)o(ks.)75 1521 y Fp(1)69
b(In)n(tro)r(duction)257 1624 y Fi(\\Queer)16 b(things)f(y)o(ou)g(do)g(hear)g
(these)h(da)o(ys,)e(to)h(b)q(e)h(sure,")e(said)i(Sam.)257 1681
y(\\Ah,",)k(said)g(T)l(ed,)h(\\y)o(ou)e(do,)i(if)f(y)o(ou)f(listen.)35
b(But)20 b(I)g(can)g(hear)g(\014reside-tales)h(and)189 1738
y(c)o(hildren's)16 b(stories)f(at)g(home,)g(if)g(I)h(w)o(an)o(t)e(to.")257
1795 y(\\No)c(doubt)h(y)o(ou)g(can,")h(retorted)e(Sam,)h(\\and)g(I)g(daresa)o
(y)g(there's)g(more)f(truth)h(in)h(some)189 1851 y(of)e(them)h(than)g(y)o(ou)
g(rec)o(k)o(on.)18 b(Who)11 b(in)o(v)o(en)o(ted)h(the)f(stories)g(an)o(yw)o
(a)o(y?)18 b(T)l(ak)o(e)11 b(dragons)f(no)o(w.")257 1909 y(\\No)21
b(thank)h('ee,")h(said)g(T)l(ed,)g(\\I)f(w)o(on't.)40 b(I)22
b(heard)g(tell)h(of)f(them)g(when)g(I)g(w)o(as)g(a)189 1965
y(y)o(oungster,)14 b(but)h(there's)f(no)h(call)h(to)f(b)q(eliev)o(e)i(in)f
(them)f(no)o(w.)k(There's)c(only)g(one)g(Dragon)189 2022 y(in)h(Byw)o(ater,)e
(and)h(that's)f(Green,")h(he)g(said,)h(getting)f(a)g(general)g(laugh.)643
2133 y Fh(J.R.R.)h(T)l(olkien,)g Fg(L)n(or)n(d)g(of)g(the)h(R)o(ings)146
2244 y Fh(By)c(no)o(w,)f(it)h(is)h(widely)g(accepted)g(that,)e(among)g(other)
g(denizens)j(of)e(the)g(In)o(ternet,)g(lurk)g(crac)o(k)o(ers.)1856
2228 y Ff(1)75 2301 y Fh(F)l(or)20 b(whatev)o(er)g(reason,)i(these)e(folks)h
(enjo)o(y)g(breaking)g(in)o(to)g(v)m(arious)g(computer)g(systems.)36
b(A)l(T&T)75 2357 y(app)q(ears)19 b(to)f(b)q(e)h(a)f(tempting)h(target.)29
b(Our)18 b(approac)o(h)h(to)f(this)h(problem)g(is)g(t)o(w)o(o-fold.)29
b(First,)19 b(most)75 2413 y(mac)o(hines)f(here)f(are)f(not)h(directly)h
(connected)g(to)e(the)h(In)o(ternet.)25 b(Rather,)17 b(w)o(e)g(rely)g(on)g
(application-)75 2470 y(lev)o(el)22 b(gatew)o(a)o(ys)d(and)i
Fg(pr)n(oxy)h(servers)p Fh([Che90)n(].)37 b(Second,)22 b(w)o(e)f(emplo)o(y)g
(a)f(v)m(ariet)o(y)h(of)f(monitors)h(and)75 2526 y(phon)o(y)15
b(daemons.)20 b(Instead)c(of)e(pro)o(viding)i(services)g(useful)h(to)d(b)q
(oth)h(legitimate)i(users)e(and)g(crac)o(k)o(ers,)p 75 2570
720 2 v 127 2596 a Fe(1)144 2612 y Fd(Some)g(call)h(them)f(\\crac)o(k)o
(ers",)g(and)h(some)e(call)i(them)f(\\hac)o(k)o(ers".)23 b(A)14
b(compromise)i(term)f(migh)o(t)g(b)q(e)g(\\c)o(hrac)o(k)o(ers".)75
2658 y(W)m(e)c(think)i(that)e(\\v)n(andals")j(is)d(more)h(appropriate,)h
(though)f(those)g(of)f(a)g(classical)j(b)q(en)o(t)e(ma)o(y)f(prefer)g(\\V)m
(andals",)i(or)e(ev)o(en)75 2704 y(\\Goths")j(or)f(\\Visigoths".)p
eop
%%Page: 2 2
1 bop 75 49 a Fh(these)18 b(log)g(the)f(request,)h(and)g(initiate)h
Fg(c)n(ounterintel)r(ligenc)n(e)d Fh(strategies)h(to)g(learn)h(something)g
(ab)q(out)75 106 y(the)d(source)h(of)e(the)i(request.)146 165
y(W)l(e)h(are)g(certainly)h(not)f(the)g(\014rst)g(ones)g(to)g(attempt)f(to)h
(tric)o(k)g(attac)o(k)o(ers[Sto88)m(,)g(Sto89)o(,)g(HM91)o(].)75
221 y(But)j(our)f(motiv)m(ation)i(is)f(somewhat)f(di\013eren)o(t.)34
b(W)l(e)20 b(do)g(not)f(exp)q(ect)i(to)e(prosecute,)i(b)q(ecause)g(\(w)o(e)75
278 y(hop)q(e\))f(no)g(damage)f(will)j(o)q(ccur)e(to)f(our)h(mac)o(hines.)34
b(\(This)21 b(is)f(not)f(to)h(sa)o(y)f(that)g(the)h(attac)o(k)o(ers)e(do)75
334 y(not)g(try)g(suc)o(h)h(things;)h(see,)f(for)f(example,)h([Che92].\))29
b(Nor,)18 b(in)h(general,)h(do)e(w)o(e)g(care)h(m)o(uc)o(h)f(ab)q(out)75
391 y(the)e(iden)o(tit)o(y)h(of)e(an)o(y)h(particular)h(attac)o(k)o(er.)j
(Rather,)c(w)o(e)g(wish)g(to)g(study)g(the)g(attac)o(k)o(ers')e(strategies,)
75 447 y(to)q(ols,)19 b(and)g(tec)o(hniques.)33 b(Our)19 b(goal)g(is)g(to)f
(learn)i(what)e(kinds)i(of)e(attac)o(ks)g(are)h(emplo)o(y)o(ed,)h(b)q(oth)f
(to)75 504 y(w)o(arn)14 b(others)h(and)g(to)g(protect)f(our)h(o)o(wn)f(net)o
(w)o(orks)g(from)h(in)o(ternal)h(crac)o(k)o(ers)e(or)g(from)h(outsiders)g
(who)75 560 y(ha)o(v)o(e)g(already)g(gained)h(a)f(fo)q(othold)g(within)i(our)
e(net)o(w)o(ork.)146 619 y(A)k(w)o(ord)g(on)g(the)h(alarm)f(messages)g(sho)o
(wn.)32 b(All)20 b(of)f(them)h(are)f(gen)o(uine,)i(tak)o(en)e(straigh)o(t)g
(from)75 676 y(our)d(log)g(\014les.)22 b(Ho)o(w)o(ev)o(er,)15
b(the)h(domain)g(names,)g(user)g(names,)g(logins,)g(and)g(IP)g(addresses)g
(ha)o(v)o(e)g(b)q(een)75 732 y(c)o(hanged)g(to)e(protect)h(the)g(priv)m(acy)h
(of)f(those)g(concerned.)75 892 y Fp(2)69 b(T)-6 b(o)r(ols)23
b(and)h(T)-6 b(raps)75 999 y Fh(Our)15 b(basic)h(strategy)e(is)h(simple:)21
b(except)16 b(for)e(the)h(few)g(serv)o(ers)g(w)o(e)f(actually)i(need)g(|)f
(mail,)h Fc(ftp)p Fh(,)e(and)75 1055 y Fc(telnet)j Fh(|)h(w)o(e)f(run)h(dumm)
o(y)g(serv)o(ers)f(for)g(lik)o(ely)j(services.)28 b(Some)17
b(of)h(these)g(are)f(quite)h(sp)q(ecialized;)75 1112 y(others)e(are)g
(generic)h(pac)o(k)o(et)f(suc)o(k)o(ers.)23 b(All)17 b(of)f(them,)g(though,)g
(log)h(the)f(incoming)i(data,)d(attempt)h(to)75 1168 y(trace)e(bac)o(k)f(the)
h(call,)h(and)f(|)h(when)f(feasible)i(|)e(try)f(to)h(distinguish)i(b)q(et)o
(w)o(een)e(legitimate)h(users)f(and)75 1224 y(outside)i(attac)o(k)o(ers.)146
1284 y(The)d Fc(finger)g Fh(serv)o(er)g(is)i(a)e(go)q(o)q(d)g(example.)21
b(A)o(ttempts)12 b(to)h Fc(finger)g Fh(a)g(particular)i(user)e(are)h(usually)
75 1340 y(b)q(enign)h(attempts)d(to)g(learn)i(an)f(electronic)h(mail)g
(address.)19 b(But)13 b(that)f(w)o(ould)i(not)f(w)o(ork)f(ev)o(en)h(without)
75 1397 y(our)f(monitor)h(program,)e(since)j(most)e(users)h(do)g(not)f(ha)o
(v)o(e)g(logins)i(on)e(the)h(gatew)o(a)o(y)e(mac)o(hine.)20
b(Instead,)75 1453 y(w)o(e)11 b(prin)o(t)h(a)f(message)g(explaining)j(ho)o(w)
d(to)f(send)i(mail)h(b)o(y)e(name.)19 b(Generic)12 b Fc(finger)f
Fh(attempts,)f(though,)75 1510 y(are)17 b(often)h(used)g(to)f(gather)h(login)
g(names)g(for)f(crac)o(king)h(attempts.)27 b(Therefore,)18
b(completely)h(b)q(ogus)75 1566 y(output)14 b(is)h(returned,)g(sho)o(wing)f
(that)g Fc(guest)g Fh(and)g Fc(berferd)g Fh(|)g(a)g(dumm)o(y)h(user)f(name)h
(|)g(are)f(logged)75 1622 y(in.)23 b(Coun)o(terin)o(telligence)18
b(mo)o(v)o(es,)d(whic)o(h)i(include)h(\\rev)o(erse)e Fc(finger)p
Fh(s",)f(are)g(not)h(done)g(in)h(this)f(case,)75 1679 y(for)f(fear)f(of)h
(triggering)g(a)g Fc(finger)g Fh(w)o(ar.)k(And)c(all)h(attempts)f(are)g
(logged,)g(for)f(later)h(analysis.)146 1738 y(The)c(so-called)h(\\)p
Fc(r)p Fh(-commands")f(also)g(merit)g(a)g(sp)q(ecial)i(serv)o(er,)e(b)q
(ecause)h(of)f(the)g(extra)g(information)75 1795 y(they)17
b(pro)o(vide.)24 b(F)l(or)16 b Fc(rlogin)g Fh(and)h Fc(rsh)p
Fh(,)f(the)h(proto)q(col)f(includes)j(b)q(oth)e(the)f(originating)i(user's)e
(login)75 1851 y(name)22 b(and)g(the)g(login)h(name)e(desired)j(on)d(our)h
(gatew)o(a)o(y)l(.)38 b(Th)o(us,)23 b(w)o(e)f(can)g(do)g(a)f(precisely-aimed)
75 1908 y(rev)o(erse)d Fc(finger)p Fh(,)f(and)h(w)o(e)g(can)g(assess)f(the)h
(lev)o(el)i(of)d(the)h(threat.)28 b(A)18 b(login)g(attempt)f(b)o(y)h(some)g
(user)75 1964 y Fc(foo)p Fh(,)h(and)g(requesting)h(the)f(same)f(login)i(on)f
Fc(research.att.com)p Fh(,)e(is)j(probably)f(a)g(harmless)g(error.)75
2020 y(On)c(the)g(other)g(hand,)g(an)g(attempt)e(b)o(y)i Fc(bin)g
Fh(to)f(execute)h(the)g Fc(domainname)f Fh(command)h(as)f Fc(bin)g
Fh(|)i(see)75 2077 y(Figure)e(1)g(|)h(represen)o(ts)f(enem)o(y)g(action.)20
b(\(It)13 b(also)i(suggests)e(that)g(the)i(attac)o(king)e(mac)o(hine)i(has)f
(b)q(een)75 2133 y(compromised.)25 b(Note,)16 b(to)q(o,)g(that)g(all)i(of)e
(the)h(p)q(eople)h(sho)o(wn)f(as)f(logged)h(in)h(are)e(idle.\))26
b(A)o(ttempts)16 b(to)75 2190 y Fc(rlogin)e Fh(as)h Fc(guest)g
Fh(from)f(a)h(legitimate)h(accoun)o(t)f(usually)i(fall)f(in)g(the)f(do)q
(orknob-t)o(wisting)g(category)l(.)146 2249 y(F)l(or)f(most)g(other)h
(services,)h(w)o(e)f(rely)g(on)g(a)g(simple)i(pac)o(k)o(et)d(suc)o(k)o(er.)20
b(That)15 b(is,)g(a)g(program)f(in)o(v)o(ok)o(ed)75 2306 y(b)o(y)k
Fc(inetd)f Fh(sits)i(on)f(the)g(so)q(c)o(k)o(et,)g(reading)g(and)h(logging)f
(an)o(ything)g(that)g(comes)g(along.)28 b(While)20 b(that)75
2362 y(is)e(happ)q(ening,)h(coun)o(terin)o(telligence)h(mo)o(v)o(es)d(are)g
(initiated.)28 b(The)18 b(TCP)f(pac)o(k)o(et)f(suc)o(k)o(er)i(exits)f(when)75
2418 y(the)e(connection)h(is)g(closed;)g(the)f(UDP)f(v)o(ersion)i(relies)g
(on)f(a)g(timeout,)g(but)g(will)i(also)e(exit)g(if)h(a)e(pac)o(k)o(et)75
2475 y(arriv)o(es)i(from)f(some)g(other)h(source.)22 b(The)16
b(information)g(gained)g(from)g(suc)o(h)g(a)f(simple)j(tec)o(hnique)f(can)75
2531 y(b)q(e)e(quite)g(in)o(teresting;)g(see)f(Figure)g(2.)20
b(It)14 b(sho)o(ws)f(an)i(attempt)e(to)g(grab)h(our)g(passw)o(ord)f(\014le)j
(via)e Fc(tftp)p Fh(.)146 2591 y(Exp)q(erience)20 b(with)f(the)f(pac)o(k)o
(et)g(suc)o(k)o(er)h(sho)o(w)o(ed)f(us)g(that)g(there)h(w)o(ere)f(a)g
(signi\014can)o(t)i(n)o(um)o(b)q(er)e(of)75 2647 y(requests)i(for)f(the)h
Fc(portmapper)e Fh(service.)35 b(The)20 b Fc(portmapper)p Fh(,)g(part)f(of)g
(Sun)i(Microsystem's)e(RPC)75 2704 y(pac)o(k)m(age,)h(maps)f(a)h(program)e
(iden)o(ti\014er)j(to)e(a)g(dynamically-assigned)j(p)q(ort)d(n)o(um)o(b)q
(er[Sun90].)33 b(The)p eop
%%Page: 3 3
2 bop 75 249 a Fj(From:)21 b([email protected])o(.com)75 298
y(To:)g(trappers)75 398 y(Attempted)f(rsh)h(to)g(inet[24640])75
448 y(Call)g(from)g(host)g(Some.Random.COM)e(\(176.75.92.87\))75
498 y(remuser:)h(bin)75 547 y(locuser:)g(bin)75 597 y(command:)g(domainname)
75 747 y(\(/usr/ucb/finger)e(@176.75.92.87;)h(/usr/ucb/finger)g
([email protected]\))f(2>&1)75 797 y([176.75.92.87])75 846 y(Login)152
b(Name)304 b(TTY)21 b(Idle)86 b(When)h(Where)75 896 y(rel)130
b(R.)22 b(Locke)304 b(co)65 b(4d)21 b(Sat)g(11:26)75 946 y(afu)130
b(Albert)21 b(Urban)217 b(p0)43 b(10:)21 b(Fri)g(13:51)43 b(seed.random.com)
75 996 y(rlh)130 b(Richard)20 b(L)i(Hart)174 b(p2)21 b(3:18)g(Sat)g(20:27)43
b(fatso1.random.c)75 1046 y(rel)130 b(R.)22 b(Locke)304 b(p4)65
b(3d)21 b(Mon)g(09:05)43 b(taxi.random.com)75 1095 y([176.75.92.87])75
1145 y(Login)21 b(name:)g(bin)75 1195 y(Directory:)f(/bin)75
1245 y(Never)h(logged)f(in.)75 1295 y(No)h(unread)g(mail)75
1345 y(No)g(Plan.)689 1492 y Fh(Figure)16 b(1:)j(An)d(attac)o(k)e(via)h
Fc(rsh)p Fh(.)75 1889 y Fj(From:)21 b([email protected])o(.com)75
1939 y(To:)g(trappers)75 1989 y(Subject:)f(udpsuck)g(tftp\(69\))75
2088 y(UDP)h(packet)g(from)g(host)g(some.small.edu)e(\(125.76.83.163\))o(:)g
(port)i(1406,)g(23)g(bytes)162 2138 y(0:)65 b(00012f65)20 b(74632f70)g
(61737377)h(64006e65)63 b(../etc/passwd.ne)140 2188 y(16:)i(74617363)20
b(696900)500 b(tascii.)75 2238 y(/usr/ucb/finger)19 b(@125.76.83.163)g(2>&1)
75 2288 y([125.76.83.163])75 2338 y(No)i(one)h(logged)e(on)75
2437 y(4)i(more)f(packets)f(received)325 2585 y Fh(Figure)15
b(2:)20 b(Sp)q(o)q(or)15 b(of)g(an)g(attac)o(k)f(detected)i(b)o(y)f(the)g
(UDP)g(pac)o(k)o(et)g(suc)o(k)o(er.)p eop
%%Page: 4 4
3 bop 75 49 a Fh(usual)17 b(proto)q(col)e(is)i(for)e(the)h(clien)o(t)h(to)f
(con)o(tact)f(the)h(serv)o(er's)f Fc(portmapper)f Fh(to)h(learn)i(what)e(p)q
(ort)h(that)75 106 y(service)i(is)g(curren)o(tly)f(using.)27
b(The)17 b Fc(portmapper)f Fh(supplies)j(that)e(information,)g(and)g(the)h
(clien)o(t)g(pro-)75 162 y(ceeds)j(to)f(con)o(tact)g(the)g(serv)o(er)h
(directly)l(.)37 b(This)21 b(mean)o(t,)g(though,)g(that)f(w)o(e)g(w)o(ere)g
(seeing)i(only)f(the)75 219 y(iden)o(ti\014er)h(of)f(the)g(service)h(b)q
(eing)g(requested,)g(and)f(not)f(the)h(actual)g(call)h(to)f(it.)37
b(Accordingly)l(,)23 b(w)o(e)75 275 y(decided)17 b(to)e(sim)o(ulate)h(the)f
Fc(portmapper)f Fh(itself.)146 332 y(Our)24 b(v)o(ersion,)i(called)f(the)f
Fc(portmopper)p Fh(,)g(do)q(es)g(not)g(k)o(eep)g(trac)o(k)f(of)g(an)o(y)h
(real)g(registrations.)75 388 y(Rather,)18 b(when)g(someone)f(requests)h(a)f
(service,)i(a)e(new)h(so)q(c)o(k)o(et)f(is)h(created,)g(and)g(its)g
(\(random\))e(p)q(ort)75 445 y(n)o(um)o(b)q(er)h(is)g(used)g(in)h(the)e
(reply)l(.)26 b(Naturally)l(,)17 b(w)o(e)f(attac)o(h)g(a)g(pac)o(k)o(et)g
(suc)o(k)o(er)h(to)f(this)h(new)g(p)q(ort,)f(so)g(w)o(e)75
501 y(can)f(capture)h(the)f(RPC)g(call.)146 558 y(Figure)20
b(3)g(sho)o(ws)f(excerpts)i(from)e(a)h(t)o(ypical)h(session.)35
b(W)l(e)20 b(prin)o(t)h(and)f(deco)q(de)h(all)g(the)g(go)q(o)e(in)75
614 y(the)d(pac)o(k)o(et,)f(b)q(ecause)i(w)o(e)f(do)g(not)g(kno)o(w)f(if)i
(someone)e(migh)o(t)h(try)g(RPC-lev)o(el)h(sub)o(v)o(ersion.)23
b(The)16 b(\014rst)75 671 y(useful)k(datum)g(is)g(delimited)h(b)o(y)f
Fc(***)e Fh(lines;)23 b(it)d(sho)o(ws)f(a)g(request)g(for)g(the)g(moun)o(t)g
(daemon,)h(using)75 727 y(TCP)l(.)13 b(Our)i(reply)f(\(not)f(sho)o(wn\))h
(assigned)g(p)q(ort)g Fc(0x691)f Fh(to)g(this)h(session.)20
b(Finally)l(,)c(the)e(input)h(on)f(that)75 784 y(p)q(ort)f(sho)o(ws)f(that)g
(pro)q(cedure)i(2)f(is)g(b)q(eing)h(called,)h(with)e(no)g(parameters.)18
b(There)c(is)f(curren)o(tly)g(no)g(co)q(de)75 840 y(to)h(in)o(terpret)g(the)g
(pro)q(cedure)i(n)o(um)o(b)q(ers,)e(but)g(a)g(quic)o(k)h(glance)g(at)f
Fc(/usr/include/rpcsvc/moun)o(t.h)75 897 y Fh(sho)o(ws)f(that)g(it's)h(a)f
(dump)h(request,)g(i.e.,)g(a)f(request)h(for)f(a)h(list)g(of)f(all)i(mac)o
(hines)g(moun)o(ting)e(an)o(y)h(of)f(our)75 953 y(\014le)h(systems.)k(It)13
b(is)g(also)f(w)o(orth)g(noting)h(that)f(our)g(coun)o(terin)o(telligence)j
(attempt)d(failed;)i(the)f(mac)o(hine)75 1009 y(in)j(question)g(is)g(not)e
(running)j(a)e Fc(finger)f Fh(daemon.)146 1066 y(An)j(alternate)f(approac)o
(h)h(w)o(ould)g(ha)o(v)o(e)f(b)q(een)i(to)e(use)h(the)g(standard)f
Fc(portmapper)p Fh(,)f(and)i(to)f(ha)o(v)o(e)75 1123 y(pac)o(k)o(et)e(suc)o
(k)o(ers)h(registered)g(for)f(eac)o(h)h(in)o(teresting)g(service.)21
b(W)l(e)15 b(rejected)g(this)g(approac)o(h)g(for)f(sev)o(eral)75
1179 y(reasons.)k(First)12 b(and)h(foremost,)e(w)o(e)h(ha)o(v)o(e)g(no)h
(reason)f(to)f(trust)h(the)g(securit)o(y)h(of)f(the)g Fc(portmapper)f
Fh(co)q(de)75 1235 y(or)k(the)g(asso)q(ciated)g(RPC)g(library)l(.)21
b(W)l(e)15 b(are)g(not)g(sa)o(ying,)f(of)h(course,)g(that)f(they)h(ha)o(v)o
(e)g(securit)o(y)h(holes;)75 1292 y(rather,)j(w)o(e)g(are)f(sa)o(ying)h(that)
g(w)o(e)f(do)h(not)g(kno)o(w)f(if)i(they)f(do.)31 b(And)20
b(w)o(e)e(are)h(morally)g(certain)h(that)75 1348 y(legions)d(of)f(w)o(ould-b)
q(e)h(crac)o(k)o(ers)f(are)g(studying)h(the)f(co)q(de)h(at)e(this)i(v)o(ery)f
(momen)o(t,)f(lo)q(oking)i(for)f(holes.)75 1405 y(T)l(o)g(b)q(e)h(sure,)g(w)o
(e)f(do)g(not)g(kno)o(w)g(that)f(our)i(co)q(de)g(is)f(bug-free;)h(it)g(is,)g
(ho)o(w)o(ev)o(er,)e(smaller)i(and)g(simpler,)75 1461 y(and)e(hence)i(less)e
(lik)o(ely)i(to)e(b)q(e)h(buggy)l(.)k(\(It)15 b(is)g(also)h(relativ)o(ely)g
(unkno)o(wn,)f(a)g(non-trivial)i(adv)m(an)o(tage.\))146 1518
y(A)d(second)g(reason)g(for)f(esc)o(hewing)i(the)g Fc(portmapper)d
Fh(is)j(that)e(w)o(e)h(do)g(not)g(kno)o(w)f(what)h(the)g(\\in)o(ter-)75
1574 y(esting")i(services)h(are.)23 b(Our)16 b(approac)o(h)g(do)q(es)h(not)e
(require)i(that)f(w)o(e)g(kno)o(w)f(in)i(adv)m(ance;)h(instead,)e(w)o(e)75
1631 y(can)f(detect)h(requests)f(for)f(an)o(ything.)146 1688
y(A)i(third)h(reason)e(is)i(that)e(b)o(y)i(its)f(nature,)g(the)g(RPC)g
(library)h(pro)o(vides)g(a)f(high-lev)o(el)i(abstraction)75
1744 y(to)f(the)h(actual)g(pac)o(k)o(ets.)26 b(This)18 b(is)h(useful)f(for)f
(programmers,)g(but)h(bad)f(for)h(us;)g(if,)g(sa)o(y)l(,)g(someone)f(is)75
1800 y(pla)o(ying)f(games)f(with)g(the)h(authen)o(ticators,)e(w)o(e)h(w)o(an)
o(t)f(to)g(kno)o(w)h(ab)q(out)g(it.)146 1857 y(Finally)l(,)20
b(w)o(e)d(w)o(an)o(ted)h(our)f(co)q(de)i(to)e(b)q(e)i(v)o(ery)e(p)q(ortable.)
29 b(In)19 b(particular,)g(w)o(e)e(w)o(an)o(t)g(it)h(to)g(run)g(on)75
1914 y(Plan)e(9)g(mac)o(hines[PPTT90)o(].)21 b(As)16 b(of)f(no)o(w,)g(no)h
(one)f(has)h(p)q(orted)g(RPC)g(to)f(Plan)h(9.)21 b(Doing)16
b(so)f(migh)o(t)75 1970 y(not)g(b)q(e)h(a)f(lot)g(of)g(w)o(ork,)e(but)j(it)f
(is)h(not)f(w)o(ork)f(w)o(e)h(are)g(in)o(terested)g(in)h(p)q(erforming.)75
2093 y Fb(2.1)56 b(Address)19 b(Space)f(Prob)r(es)75 2179 y
Fh(Our)d(gatew)o(a)o(y)l(,)e Fc(research.att.com)p Fh(,)f(is)i(a)h(w)o
(ell-kno)o(wn)g(mac)o(hine,)g(and)g(hence)g(attracts)e(crac)o(k)o(ers.)19
b(A)75 2236 y(clev)o(er)f(crac)o(k)o(er,)f(though,)g(migh)o(t)g(in)o(v)o
(estigate)h(further,)f(lo)q(oking)h(for)f(other)g(lik)o(ely)i(mac)o(hines)f
(to)f(try)l(.)75 2292 y(There)d(seemed)h(to)f(b)q(e)g(t)o(w)o(o)f(p)q
(ossibilitie)q(s:)22 b(blind)16 b(probing)f(of)e(the)i(address)f(space,)g(or)
g(examination)g(of)75 2349 y(our)h(domain)h(name)f(system)g(\(DNS\))f
(data[Mo)q(c87)n(].)20 b(W)l(e)15 b(decided)i(to)e(monitor)g(for)f(suc)o(h)i
(attempts.)146 2405 y(The)e(ob)o(vious)h(w)o(a)o(y)e(to)h(do)g(suc)o(h)h
(monitoring)g(is)g(to)e(put)i(a)f(net)o(w)o(ork)f(con)o(troller)i(in)o(to)f
(promiscuous)75 2462 y(mo)q(de)h(and)h(w)o(atc)o(h)e(the)h(pac)o(k)o(ets)f
(\015y)i(b)o(y)l(.)k(Indeed,)c(w)o(e)f(did)h(do)f(just)g(that;)f(ho)o(w)o(ev)
o(er,)g(the)h(solution)h(w)o(as)75 2518 y(not)f(at)f(all)j(straigh)o(t-forw)o
(ard.)g(The)f(gatew)o(a)o(y)d(mac)o(hine)k(runs)e(RISC/os)1347
2502 y Ff(2)1367 2518 y Fh(;)g(to)f(our)h(kno)o(wledge,)h(it)f(has)75
2575 y(no)k(user-lev)o(el)i(mec)o(hanisms)f(analagous)e(to)h(Sun's)g
Fc(nit)g Fh(driv)o(er.)32 b(W)l(e)19 b(did)i(ha)o(v)o(e)d(a)h(SP)l(AR)o
(Cstation)1855 2558 y Ff(3)p 75 2615 720 2 v 127 2642 a Fe(2)144
2658 y Fd(RISC/os)14 b(is)f(a)g(trademark)h(of)f(MIPS)g(Computer)h(Corp)q
(oration)127 2688 y Fe(3)144 2704 y Fd(SP)m(AR)o(Cstation)g(is)g(a)f
(trademark)h(of)e(SP)m(AR)o(C)h(In)o(ternational,)i(Inc.)p
eop
%%Page: 5 5
4 bop 75 465 a Fj(From:)21 b([email protected])o(.com)75 515
y(To:)g(trappers)75 565 y(Subject:)f(UDP)h(portmopper)f(from)h(Another.COM)f
(\(176.143.143.17)o(5\))75 665 y(Request:)162 714 y(0:)65 b(2974eaca)20
b(00000000)g(00000002)h(000186a0)63 b(\)t..............)140
764 y(16:)i(00000002)20 b(00000003)g(00000000)h(00000000)63
b(................)140 814 y(32:)i(00000000)20 b(00000000)g(000186a5)h
(00000001)63 b(................)140 864 y(48:)i(00000006)20
b(00000000)456 b(........)75 914 y(xid:)21 b(2974eaca)f(msgtype:)g(0)i
(\(call\))75 964 y(rpcvers:)e(2)i(prog:)e(100000)h(\(portmapper\))41
b(vers:)21 b(2)g(proc:)g(3)h(\(getport\))75 1013 y(Authenticator:)d
(credentials)75 1063 y(Authtype:)h(0)i(\(none\))e(length:)g(0)75
1113 y(Authenticator:)f(verifier)75 1163 y(Authtype:)h(0)i(\(none\))e
(length:)g(0)75 1262 y(***)75 1312 y(reqprog:)g(100005)h(\(mountd\))f(vers:)h
(1)g(proto:)g(6)g(port:)g(0)75 1362 y(***)75 1412 y(...)75
1462 y(/usr/ucb/finger)e(@176.143.143.175)f(2>&1)75 1511 y([176.143.143.175])
75 1561 y(connect:)i(Connection)g(refused)75 1661 y(Server)h(input:)162
1711 y(0:)65 b(2976c57d)20 b(00000000)g(00000002)h(000186a5)63
b(\)v.}............)140 1761 y(16:)i(00000001)20 b(00000002)g(00000000)h
(00000000)63 b(................)140 1810 y(32:)i(00000000)20
b(00000000)456 b(........)75 1860 y(xid:)21 b(2976c57d)f(msgtype:)g(0)i
(\(call\))75 1910 y(rpcvers:)e(2)i(prog:)e(100005)h(\(mountd\))42
b(vers:)21 b(1)g(proc:)g(2)75 1960 y(Authenticator:)e(credentials)75
2010 y(Authtype:)h(0)i(\(none\))e(length:)g(0)75 2059 y(Authenticator:)f
(verifier)75 2109 y(Authtype:)h(0)i(\(none\))e(length:)g(0)75
2159 y(Parameters:)576 2307 y Fh(Figure)c(3:)j(Output)d(from)e(the)i
Fc(portmopper)p Fh(.)p eop
%%Page: 6 6
5 bop 75 49 a Fh(that)17 b(w)o(e)h(could)i(connect)e(to)g(the)g(net;)i(since)
f(that)e(mac)o(hine)i(is)g(not)f(adequately)h(secure,)g(w)o(e)f(had)g(a)75
106 y(wire)e(cutter)f(in)o(tro)q(duce)h(itself)g(to)e(the)i(transmit)e(leads)
i(on)f(the)h(drop)f(cable.)146 164 y(Although)20 b(w)o(e)g(could)i(no)o(w)d
(listen,)k(w)o(e)d(could)h(not)f(learn)h(as)f(m)o(uc)o(h)g(as)g(w)o(e)g(w)o
(ould)g(lik)o(e.)36 b(Up)q(on)75 220 y(seeing)16 b(a)f(pac)o(k)o(et)f(for)h
(a)g(new)g(mac)o(hine,)h(our)f(router's)f(instinct)i(is)g(to)e(issue)i(an)f
(ARP)h(request[Plu82].)75 276 y(F)l(or)g(non-existen)o(t)h(mac)o(hines,)g(of)
f(course,)h(no)f(one)h(can)f(answ)o(er.)23 b(Ideally)l(,)c(the)d(monitoring)h
(mac)o(hine)75 333 y(w)o(ould)h(pic)o(k)g(up)f(suc)o(h)h(requests)f(and)g
(pro)o(vide)h(a)f(pro)o(xy)f(ARP)i(reply)l(.)27 b(Unfortunately)l(,)18
b(our)f(securit)o(y)75 389 y(measures)d(rendered)h(that)e(idea)i
(impractical.)21 b(W)l(e)14 b(th)o(us)f(ha)o(v)o(e)h Fc(research.att.com)e
Fh(handling)j(pro)o(xy)75 446 y(ARP)j(for)f(non-existen)o(t)h(mac)o(hines)g
(to)f(p)q(oin)o(t)h(them)f(to)o(w)o(ards)f(the)h(monitoring)h(mac)o(hine,)g
(a)f(bizarre)75 502 y(situation)d(indeed.)21 b(A)13 b(\014nal)h(problem)g(w)o
(as)f(that)f(the)h(ARP)h(table)g(is)g(limited)h(in)f(size,)g(so)f(w)o(e)g
(could)h(not)75 559 y(pro)o(vide)j(complete)h(co)o(v)o(erage)e(of)g(the)h
(address)g(space.)25 b(W)l(e)16 b(settled)i(for)e(the)h(mac)o(hines)g(listed)
h(in)g(the)75 615 y(DNS,)d(and)h(for)g(a)f(few)h(mac)o(hines)g(at)g(either)g
(end)h(of)e(the)h(range)g(to)f(detect)h(coun)o(ting)g(up)g(or)g(coun)o(ting)
75 672 y(do)o(wn.)23 b(Finally)l(,)17 b(w)o(e)f(used)h(the)f
Fc(tcpdump)g Fh(program)f(to)g(do)h(the)h(monitoring;)f(there)g(w)o(as)g(no)g
(p)q(oin)o(t)h(to)75 728 y(building)h(a)d(sp)q(ecial-purp)q(ose)i(pac)o(k)o
(et)e(deco)q(der)h(when)g(a)f(v)o(ery)g(nice)h(general)g(one)f(already)h
(existed.)146 786 y(The)c(results)g(of)f(this)i(trap)e(ha)o(v)o(e)g(b)q(een)i
(rather)f(curious.)19 b(W)l(e)12 b(ha)o(v)o(e)g(noticed)g(a)g(large)g(n)o(um)
o(b)q(er)g(of)f Fc(ftp)75 842 y Fh(connection)16 b(requests)f(to)g
Fc(192.20.225.1)p Fh(,)e(a)h(mac)o(hine)i(that)f(has)f(not)h(existed)h(for)e
(quite)i(some)f(time.)75 899 y(F)l(urthermore,)f(the)i(large)f(ma)s(jorit)o
(y)f(of)g(these)i(connection)g(attempts)e(ha)o(v)o(e)h(come)g(from)g(abroad.)
k(W)l(e)75 955 y(sp)q(eculate)d(that)f(some)g(old)h(databases)e(still)j(list)
f(its)f(address.)146 1013 y(W)l(e)f(ha)o(v)o(e)f(noticed)i(a)e(few)h
(attempts)f(to)g(connect)h(to)g(other)f(mac)o(hines.)20 b(F)l(or)14
b(the)g(most)f(part,)g(these)75 1070 y(ha)o(v)o(e)i(b)q(een)i(to)e
(DNS-listed)j(addresses,)d(rather)h(than)f(to)g(random)h(places)g(on)g(our)f
(net)o(w)o(ork,)g(and)h(the)75 1126 y(one)h(or)g(t)o(w)o(o)e(exceptions)j
(app)q(ear)f(to)g(b)q(e)h(acciden)o(tal.)26 b(This)18 b(log)f(\014le)h(is)f
(not)g(examined)h(in)g(real)f(time,)75 1183 y(so)f(w)o(e)g(ha)o(v)o(e)f(not)h
(b)q(een)h(able)g(to)f(engage)g(in)h(our)f(usual)h(coun)o(terin)o(telligence)
i(measures.)j(Comparing)75 1239 y(the)16 b(source)g(addresses)g(and)h
(timestamps)e(with)i(our)f(other)f(log)h(\014les)h(tends)g(to)e(sho)o(w)h
(other)f(forms)g(of)75 1295 y(sno)q(oping)h(going)f(on.)20
b(Suc)o(h)c(prob)q(es)f(should)i(lik)o(ely)g(b)q(e)e(considered)i(as)e
(hostile.)146 1353 y(One)21 b(set)g(of)g(prob)q(es)g(w)o(as)f(esp)q(ecially)k
(alarming.)37 b(Immediately)23 b(follo)o(wing)f(the)f(arrest)f(of)g(t)o(w)o
(o)75 1410 y(alleged)h(non-U.S.)e(system)f(crac)o(k)o(ers,)i(someone)f(else)h
(from)e(that)h(coun)o(try)g(launc)o(hed)h(a)f(systematic)75
1466 y(prob)q(e)f(of)f(our)g(net)o(w)o(ork's)g(address)g(space.)27
b(Our)18 b(kno)o(wn)g(mac)o(hine)g(w)o(as)f(ignored.)27 b(W)l(e)18
b(b)q(eliev)o(e)i(that)75 1523 y(this)j(w)o(as)f(an)h(attempt)e(at)h(rev)o
(enge,)j(and)d(that)g(our)h(w)o(ell-instrumen)o(ted)h(gatew)o(a)o(y)d(mac)o
(hine)j(w)o(as)75 1579 y(ignored)16 b(b)q(ecause)g(the)f(attac)o(k)o(ers)f
(knew)h(it)h(for)e(what)h(it)g(w)o(as.)146 1637 y(Of)g(late,)h(w)o(e)f(ha)o
(v)o(e)g(seen)h(concerted)g(attempts)f(to)f(connect)i(to)f(random)g
(addresses)h(of)f(ours.)21 b(The)75 1693 y(pattern)15 b(do)q(es)h(not)e
(suggest)h(an)g(attac)o(k;)f(rather,)g(it)i(suggests)f(hosts)f(that)h(are)g
(quite)h(confused)g(ab)q(out)75 1750 y(our)g(prop)q(er)g(IP)g(address.)23
b(The)16 b(problem)h(app)q(ears)f(to)f(b)q(e)i(corrupted)f(DNS)g(en)o(tries,)
h(whic)o(h)g(w)o(e)e(ha)o(v)o(e)75 1806 y(also)j(exp)q(erienced,)j(rather)c
(than)h(an)o(y)g(securit)o(y)g(problem.)30 b(This)18 b(problem)h(is)g
(discussed)g(further)f(in)75 1863 y([Bel92].)75 1993 y Fb(2.2)56
b(Coun)n(terin)n(telligence)75 2081 y Fh(When)13 b(a)f(prob)q(e)h(o)q(ccurs,)
f(w)o(e)h(try)e(to)h(learn)h(as)f(m)o(uc)o(h)g(ab)q(out)h(the)f(originating)h
(mac)o(hine)g(and)g(user)f(as)g(w)o(e)75 2138 y(can.)21 b(Th)o(us)16
b(far,)e(the)i(only)g(generally-a)o(v)m(ailable)j(mec)o(hanism)d(to)f(do)g
(that)g(is)h(the)g Fc(finger)e Fh(command.)75 2194 y(While)19
b(far)d(b)q(etter)h(than)g(nothing,)h(it)f(has)h(some)e(w)o(eaknesses.)26
b(Clev)o(er)18 b(crac)o(k)o(ers)e(ha)o(v)o(e)h(an)o(y)g(n)o(um)o(b)q(er)75
2251 y(of)e(w)o(a)o(ys)f(to)g(co)o(v)o(er)h(their)h(trac)o(ks,)d(suc)o(h)j
(as)f(o)o(v)o(erwriting)g Fc(/etc/utmp)e Fh(\(it)j(is)f(w)o(orld-writable)h
(on)f(man)o(y)75 2307 y(systems\))d(or)h(using)h(the)f(appropriate)g(options)
g(to)g Fc(xterm)p Fh(.)18 b(And)c(indeed,)h(w)o(e)e(ha)o(v)o(e)f(seen)i
(attac)o(ks)e(from)75 2363 y(mac)o(hines)k(that)e(claim)j(to)d(ha)o(v)o(e)h
(no)g(one)g(logged)h(in,)g(viz.)k(Figure)c(2.)146 2421 y(There)21
b(is)h(also)f(the)g(problem)h(of)f(p)q(ok)o(es)g(originating)h(from)e
(securit)o(y-conscious)j(sites.)38 b(Often,)75 2478 y(these)20
b(sites)h(restrict)f(or)f(disable)j(the)e Fc(finger)g Fh(daemon,)h(for)e(all)
i(the)f(ob)o(vious)h(reasons.)34 b(Figure)20 b(3)75 2534 y(sho)o(ws)13
b(an)h(example.)20 b(\(That)13 b(particular)h(prob)q(e)g(turned)g(out)f(to)h
(b)q(e)g(an)g(exp)q(erimen)o(t)g(b)o(y)g(a)f(friend.\))20 b(T)l(o)75
2591 y(b)q(e)c(sure,)f(securit)o(y-conscious)i(sites)e(are)g(probably)h(the)g
(least-lik)o(ely)h(to)e(b)q(e)h(p)q(enetrated.)k(But)c(no)f(one)75
2647 y(is)j(imm)o(une;)i(one)e(of)f(our)h(o)o(wn)f(theoretically-secure)j
(gatew)o(a)o(ys)c(w)o(as)h(successfully)j(attac)o(k)o(ed)c(o)o(v)o(er)h(a)75
2704 y(w)o(eek)o(end,)e(due)h(to)f(op)q(erator)f(error.)p eop
%%Page: 7 7
6 bop 146 49 a Fh(Some)18 b(sites)h(tak)o(e)f(their)i(o)o(wn)e(securit)o(y)h
(precautions.)31 b(One)19 b(\(unsolicited\))i(prob)q(er)e(noticed)g(our)75
106 y(rev)o(erse)c Fc(finger)f Fh(attempt,)g(and)i(congratulated)f(us)g(on)g
(it.)20 b(Others)c(who)f(though)o(t)f(w)o(e)h(w)o(ere)g(running)75
162 y(a)k(\\crac)o(k)o(er)f(c)o(hallenge)j(con)o(test")e(w)o(ere)g(able)h(to)
f(detect)g(our)g(activities)i(when)f(sp)q(eci\014cally)i(lo)q(oking)75
219 y(for)17 b(them.)26 b(The)18 b(w)o(orst)e(p)q(ossibilit)o(y)j(w)o(ould)f
(b)q(e)g(an)f(activ)o(e)h(resp)q(onse)g(to)e(our)h(prob)q(e;)i(it)f(could)g
(easily)75 275 y(trigger)e(a)g(recursiv)o(e)i Fc(finger)p Fh(ing)e(con)o
(test.)24 b(F)l(or)16 b(this)h(reason,)f(among)g(others,)g(w)o(e)h(do)f(not)g
(curren)o(tly)75 332 y(do)i(rev)o(erse)h Fc(finger)p Fh(s)e(in)j(resp)q(onse)
f(to)e Fc(finger)h Fh(queries,)i(but)e(the)h(problem)g(could)h(still)g
(arise.)30 b(F)l(or)75 388 y(example,)14 b(an)f Fc(rusers)g
Fh(query)g(to)g(us)g(w)o(ould)h(trigger)e(the)i Fc(portmopper)p
Fh('s)d(coun)o(terin)o(telligence)16 b(prob)q(es;)75 444 y(these)d(in)h(turn)
g(could)g(cause)f(the)h(remote)e(site)i(to)e(query)i(our)f
Fc(rusers)f Fh(daemon.)19 b(It)13 b(ma)o(y)g(b)q(e)h(necessary)75
501 y(to)h(add)g(some)g(lo)q(c)o(king)h(to)f(our)g(daemons.)146
559 y(W)l(e)f(ha)o(v)o(e)h(con)o(templated)g(adding)h(other)e(arro)o(ws)f(to)
i(our)f(coun)o(terin)o(telligence)k(quiv)o(er,)d(but)g(there)75
615 y(are)21 b(few)g(c)o(hoices)h(a)o(v)m(ailable.)40 b(The)22
b Fc(rusers)e Fh(command)h(is)h(an)f(ob)o(vious)h(p)q(ossibilit)o(y)l(,)j
(but)c(it)h(o\013ers)75 672 y(less)c(information)f(than)h Fc(finger)e
Fh(do)q(es.)27 b(T)l(o)17 b(b)q(e)h(sure,)f(b)q(ecause)i(it)e(go)q(es)g
(through)g(the)h Fc(portmapper)p Fh(,)75 728 y(it)i(is)g(harder)g(to)f(blo)q
(c)o(k)h(or)f(monitor;)i(unfortunately)l(,)g(man)o(y)e(sites)h(blo)q(c)o(k)g
(all)h(outside)f(calls)h(to)e(the)75 785 y Fc(portmapper)f
Fh(b)q(ecause)j(of)e(\(v)m(alid\))i(concerns)g(ab)q(out)e(the)h(securit)o(y)g
(of)g(some)f(RPC-based)h(services.)75 841 y(Another)14 b(c)o(hoice)i(w)o
(ould)f(b)q(e)g(the)g(Authen)o(tication)g(Serv)o(er[Joh85)o(],)f(but)h(our)f
(exp)q(erimen)o(ts)i(sho)o(w)e(that)75 898 y(v)o(ery)k(few)g(sites)g(supp)q
(ort)g(it.)29 b(And)19 b(SNMP[CFSD90)n(])f(is)h(generally)g(implemen)o(ted)h
(on)e(routers,)f(not)75 954 y(hosts.)146 1012 y(A)f(totally)g(di\013eren)o(t)
g(set)g(of)g(in)o(v)o(estigations)g(are)g(p)q(erformed)h(using)g(DNS)f(data.)
22 b(First)16 b(of)f(all,)i(w)o(e)75 1068 y(attempt)c(to)h(learn)h(the)g
(host)e(name)i(asso)q(ciated)f(with)h(the)g(prob)q(er's)f(IP)g(address,)h
(whic)o(h)g(should)g(b)q(e)g(a)75 1125 y(trivial)f(matter.)j(In)d(theory)l(,)
e(all)h(addresses)g(should)h(listed)f(in)h(the)e(in)o(v)o(erse)h(mapping)g
(tree;)g(in)h(practice,)75 1181 y(man)o(y)f(are)g(not.)19 b(This)c(problem)f
(seems)g(to)f(b)q(e)h(esp)q(ecially)i(commonplace)f(o)o(v)o(erseas,)d
(probably)i(due)h(to)75 1238 y(the)f(newness)h(of)e(the)h(connections.)21
b(In)14 b(suc)o(h)h(cases,)f(w)o(e)f(ha)o(v)o(e)h(to)f(lo)q(ok)i(for)e(the)h
(SO)o(A)h(and)f(NS)g(records)75 1294 y(asso)q(ciated)i(with)h(the)f(in)o(v)o
(erse)g(domain;)h(using)g(them,)e(w)o(e)h(attempt)f(a)h(zone)g(transfer)g(of)
f(the)i(in)o(v)o(erse)75 1351 y(domain,)f(and)f(scan)h(it)g(for)e(an)o(y)i
(host)f(names)g(at)g(all.)22 b(That,)14 b(\014nally)l(,)j(giv)o(es)f(the)f
(zone)h(name;)f(w)o(e)h(then)75 1407 y(transfer)e(the)i(forw)o(ard-mapping)f
(zone)g(and)g(searc)o(h)g(for)g(the)g(target's)f(address.)146
1465 y(On)i(a)f(few)h(o)q(ccasions,)g(this)g(pro)q(cedure)h(has)f(failed;)h
(w)o(e)e(ha)o(v)o(e)h(b)q(een)h(forced)f(to)f(resort)g(to)g(the)h(use)75
1522 y(of)h Fc(traceroute)p Fh(s,)f(man)o(ual)i Fc(finger)f
Fh(attempts,)f(and)i(ev)o(en)g(a)f(few)g Fc(telnet)g Fh(connections)i(to)d(v)
m(arious)75 1578 y(p)q(orts)c(to)f(see)h(if)h(an)o(y)e(serv)o(ers)h(announce)
g(the)g(host)g(and)g(domain)g(name.)19 b(Needless)14 b(to)d(sa)o(y)l(,)h
(none)g(of)g(this)75 1635 y(is)i(automated;)f(if)h(a)f(simple)i
Fc(gethostbyaddr\(\))d Fh(call)j(fails,)f(w)o(e)f(p)q(erform)h(an)o(y)f
(further)h(in)o(v)o(estigations)75 1691 y(ourselv)o(es.)146
1749 y(There)f(is)h(one)g(DNS-related)g(c)o(hec)o(k)f(that)g(w)o(e)g(do)h
(automate,)e(ho)o(w)o(ev)o(er.)18 b(It)c(is)g(b)o(y)f(no)o(w)g(w)o(ell-kno)o
(wn)75 1805 y(that)g(evil)i(games)e(can)h(b)q(e)g(pla)o(y)o(ed)g(with)g(the)g
(in)o(v)o(erse)g(mapping)g(tree)g(of)f(the)h(DNS.)f(T)l(o)g(detect)h(this,)g
(w)o(e)75 1862 y(p)q(erform)j(a)g(cross-c)o(hec)o(k;)h(using)g(the)f
(returned)h(name,)f(w)o(e)g(do)g(a)g(forw)o(ard)f(c)o(hec)o(k)h(to)g(learn)h
(the)f(legal)75 1918 y(addresses)d(for)f(that)g(host.)19 b(If)13
b(that)g(name)h(is)g(not)f(listed,)i(or)e(if)h(the)g(addresses)g(do)f(not)h
(matc)o(h,)f(alarms,)75 1975 y(gongs,)h(and)i(to)q(csins)f(are)g(sounded.)75
2105 y Fb(2.3)56 b(Log-Based)18 b(Monitoring)g(T)-5 b(o)r(ols)75
2194 y Fh(A)17 b(n)o(um)o(b)q(er)h(of)f(our)g(monitors)g(are)g(based)g(on)h
(p)q(erio)q(dic)h(analyses)f(of)f(logs.)26 b(F)l(or)17 b(example,)h(attempts)
75 2250 y(to)d(grab)g(a)g(\(phon)o(y\))g(passw)o(ord)f(\014le)j(via)f
Fc(ftp)e Fh(are)i(detected)g(b)o(y)f(a)g Fc(grep)g Fh(job)g(run)h(via)g
Fc(cron)p Fh(.)k(W)l(e)15 b(th)o(us)75 2307 y(cannot)g(engage)g(in)h(coun)o
(terin)o(telligence)i(activit)o(y)d(in)h(resp)q(onse)g(to)f(suc)o(h)g(p)q(ok)
o(es.)20 b(Nev)o(ertheless,)c(they)75 2363 y(remain)k(v)o(ery)g(useful.)34
b(These)20 b(monitors)g(|)g(and)g(a)f(serious)h(attac)o(k)f(disco)o(v)o(ered)
h(via)g(them)g(|)g(are)75 2420 y(describ)q(ed)d(more)e(fully)h(in)g([Che92].)
146 2478 y(W)l(e)g(also)h(disco)o(v)o(ered)g(that)f(our)g(gatew)o(a)o(y)f
(mac)o(hine)j(w)o(as)e(b)q(eing)i(used)f(as)f(a)g(rep)q(ository)h(for)f
(\(pre-)75 2534 y(sumably)22 b(stolen\))f(PC)g(soft)o(w)o(are.)35
b(Assorted)21 b(individuals)j(w)o(ould)e(store)e(suc)o(h)i(programs)d(under)j
(a)75 2591 y(directory)c(named)f(\\)p Fc(..^T)p Fh(",)f(where)i(\\)p
Fc(^T)p Fh(")e(represen)o(ts)h(the)h(con)o(trol-T)f(c)o(haracter;)g(others)g
(w)o(ould)h(re-)75 2647 y(triev)o(e)d(it)g(at)f(their)h(leisure.)21
b(W)l(e)15 b(idly)h(discussed)g(replacing)g(these)e(\014les)i(with)f
(programs)e(that)h(prin)o(ted)75 2704 y(nast)o(y)19 b(w)o(arnings,)i(but)g
(settled)f(for)g(clearing)h(out)f(the)g(incoming)h Fc(ftp)f
Fh(area)g(at)f(least)h(daily)l(.)37 b(That)p eop
%%Page: 8 8
7 bop 75 49 a Fh(seems)16 b(to)f(ha)o(v)o(e)g(stopp)q(ed)h(the)g(problem)g
(for)f(no)o(w,)g(though)g(a)h(b)q(etter)f(solution)i(w)o(ould)f(b)q(e)g(to)f
(add)h(the)75 106 y(notion)d(of)f(\\inside)j(v)o(ersus)d(outside")h(to)f(the)
h(daemon,)g(and)g(to)f(prohibit)i(transfers)e(that)g(did)i(not)e(cross)75
162 y(the)j(b)q(oundary)l(.)20 b(\(Other)15 b(sites)g(rep)q(ort)f(similar)i
(inciden)o(ts,)g(often)f(in)o(v)o(olving)h(digitized)g(erotic)f(images.)75
219 y(W)l(e)g(lea)o(v)o(e)h(to)e(the)h(readers')g(imagination)h(what)f(w)o(e)
g(could)h(insert)g(in)g(place)g(of)f(these)g(\014les.\))146
275 y(W)l(e)i(are)g(curren)o(tly)g(adding)h(real-time)g(analyzers)g(to)e
(some)h(of)g(our)g(logs.)25 b(The)18 b(implemen)o(tation)75
332 y(is)e(simple:)662 409 y Fc(tail)23 b(-f)15 b Fg(lo)n(g\014le)f
Fc(|)24 b(awk)f(-f)15 b Fg(script)75 486 y Fh(This)23 b(is)f(an)g(esp)q
(ecially)j(useful)e(tec)o(hique)g(for)f(the)g Fc(ftp)g Fh(daemon's)f(logs;)26
b(attempts)21 b(to)g(add)h(more)75 543 y(sophisticated)16 b(mec)o(hanisms)g
(to)e(the)h(daemon)h(itself)g(w)o(ould)f(run)g(afoul)h(of)e(the)h
Fc(chroot)g Fh(en)o(vironmen)o(t)75 599 y(it)g(curren)o(tly)h(runs)g(in.)146
655 y(There)j(is)g(danger)g(lurking)h(here.)32 b(Our)20 b(early)f(v)o
(ersions)g(could)h(easily)g(ha)o(v)o(e)f(fallen)h(victim)g(to)e(a)75
712 y(sophisticated)e(attac)o(k)o(er)e(who)h(used)h(\014le)h(names)e(con)o
(taining)h(em)o(b)q(edded)h(shell)g(commands.)j(F)l(or)15 b(this)75
768 y(reason,)c(among)f(others,)h(w)o(e)g(run)g(all)h(of)e(our)h(traps)f
(with)h(as)g(few)g(privileges)h(as)f(p)q(ossible.)20 b(In)12
b(particular,)75 825 y(where)j(p)q(ossible)i(w)o(e)e(do)g(not)g(run)h(them)f
(as)g Fc(root)p Fh(.)75 965 y Fp(3)69 b(A)n(ttac)n(ks)23 b(Disco)n(v)n(ered)
75 1066 y Fh(Th)o(us)16 b(far,)e(w)o(e)i(ha)o(v)o(e)f(seen)h(a)g(wide)g(v)m
(ariet)o(y)g(of)g(attac)o(ks.)k(Some)15 b(of)h(them)f(are)h(w)o(ell-kno)o
(wn,)g(of)f(course;)75 1123 y(there)i(is)h(nothing)g(no)o(v)o(el)g(ab)q(out)f
(passw)o(ord-guessing)g(crac)o(k)o(ers.)26 b(A)18 b(t)o(ypical)g(scenario)f
(starts)g(with)g(a)75 1179 y Fc(finger)e Fh(attempt;)g(our)h(pseudo-serv)o
(er)g(returns)g(output)f(indicating)j(that)d Fc(guest)g Fh(and)h
Fc(berferd)f Fh(are)75 1236 y(logged)g(in.)21 b(Both)15 b(of)f(these)h
(accoun)o(ts)g(ha)o(v)o(e)f(ob)o(vious)i(passw)o(ords;)d(if)j(the)f(crac)o(k)
o(er)f(tak)o(es)g(the)h(bait,)g(w)o(e)75 1292 y(initiate)j(coun)o(terin)o
(telligence)i(measures.)25 b(An)17 b(attempt)f(to)h(log)g(in)g(as)g
Fc(guest)f Fh(is)h(in)h(some)f(sense)g(less)75 1349 y(serious;)g(one)g(can)g
(mak)o(e)f(a)g(plausible)j(argumen)o(t)d(that)g(sites)h(that)e(do)i(not)f(w)o
(an)o(t)g(guests)g(should)h(not)75 1405 y(ha)o(v)o(e)g(a)g
Fc(guest)g Fh(accoun)o(t.)27 b(No)18 b(suc)o(h)f(excuse)i(can)e(b)q(e)i
(o\013ered)e(for)g(trying)h(to)f(log)g(in)i(as)e(an)g(apparen)o(t)75
1462 y(gen)o(uine)f(user.)146 1518 y(The)i(next)h(lev)o(el)h(up)e(are)h
(folks)f(who)g(w)o(an)o(t)g(our)g(passw)o(ord)f(\014le.)31
b(Our)19 b Fc(ftp)f Fh(daemon)g(pro)o(vides)h(a)75 1574 y(dumm)o(y)14
b(one)h(\(see)f([Che92])g(for)f(details\);)i(a)g(pac)o(k)o(et)e(suc)o(k)o(er)
i(catc)o(hes)f Fc(tftp)g Fh(requests)g(for)g(it.)20 b(W)l(e)14
b(ha)o(v)o(e)75 1631 y(con)o(templated)j(the)f(idea)h(of)f(distributing)i
(the)e(same)g(dumm)o(y)h(\014le)g(via)f Fc(tftp)p Fh(,)g(but)g(ha)o(v)o(e)g
(rejected)h(it;)75 1687 y(the)c(b)q(ene\014t)i(to)d(us)h(w)o(ould)h(b)q(e)g
(minimal,)h(and)e(w)o(e)g(w)o(ould)h(ha)o(v)o(e)e(to)h(exp)q(ose)h(ourselv)o
(es)f(to)g(p)q(ossible)i(bugs)75 1744 y(in)h(the)f Fc(tftp)g
Fh(daemon.)146 1800 y(There)i(ha)o(v)o(e)h(b)q(een)h(a)e(fair)h(n)o(um)o(b)q
(er)g(of)f(attempts)f(to)h Fc(rlogin)g Fh(to)g(our)h(mac)o(hine.)28
b(Most)16 b(of)i(these)75 1857 y(app)q(ear)f(to)g(b)q(e)h(inno)q(cen)o(t,)h
(though)e(curious)h(nev)o(ertheless:)25 b(wh)o(y)17 b(w)o(ould)h(an)o(y)o
(one)f(exp)q(ect)h(to)e(b)q(e)i(able)75 1913 y(to)k(log)h(in)g(to)g(another)f
(compan)o(y's)g(mac)o(hines?)44 b(Sometimes,)25 b(w)o(e)d(see)h(attempts)f
(to)g(connect)h(as)75 1970 y Fc(netlib)p Fh(,)c(or)f(to)h Fc(rcp)f
Fh(the)h Fc(netlib)f Fh(distribution[DG87];)j(these)e(most)f(lik)o(ely)j
(denote)e(a)g(somewhat-)75 2026 y(naiv)o(e)f(attempt)f(to)g(a)o(v)o(oid)g
(the)h(use)g(of)f Fc(ftp)g Fh(when)h(retrieving)h(the)e Fc(netlib)g
Fh(pac)o(k)m(age)h(w)o(e)f(distribute.)75 2083 y(F)l(or)e(other)f
(connections,)i(w)o(e)f(b)q(eliev)o(e)i(that)e(\014ngers)g(are)g(faster)f
(than)h(brains;)g(the)h(real)f(in)o(ten)o(t)g(w)o(as)g(to)75
2139 y(use)h Fc(ftp)e Fh(or)h Fc(telnet)f Fh(to)h(reac)o(h)g(us.)20
b(Regardless,)c(suc)o(h)f(attempts)f(represen)o(t)h(noise)h(in)g(the)g(log)f
(\014les.)146 2195 y(Other)g(connection)i(requests)e(ha)o(v)o(e)g(not)g(b)q
(een)h(so)f(gen)o(teel.)21 b(W)l(e)16 b(ha)o(v)o(e)f(seen)h(attempts)e(to)h
Fc(rlogin)75 2252 y Fh(as)f Fc(root)g Fh(coming)h(from)f(military)i(sites.)k
(Figure)15 b(1)f(sho)o(ws)g(an)h(attempt)e(to)h(execute)i(the)e
Fc(domainname)75 2308 y Fh(command;)j(apart)e(from)h(the)g(ob)o(vious)h
(problem)g(that)f(exists)g(if)h Fc(bin)f Fh(can)h(connect)g(to)e(our)h(mac)o
(hine,)75 2365 y(w)o(e)f(susp)q(ect)h(that)e(the)i(attac)o(k)o(er)d(planned)k
(misc)o(hief)f(in)o(v)o(olving)h(Sun's)e(NIS.)146 2421 y(The)h
Fc(portmopper)p Fh(,)e(and)i(b)q(efore)g(that)f(the)h(UDP)g(pac)o(k)o(et)f
(suc)o(k)o(er,)g(ha)o(v)o(e)h(pic)o(k)o(ed)g(up)h(a)e(n)o(um)o(b)q(er)h(of)75
2478 y(RPC-related)h(prob)q(es;)f(the)g(in)o(ten)o(t)g(of)f(some)h(of)f
(these)h(is)h(unclear.)23 b(W)l(e)16 b(ha)o(v)o(e)f(no)h(idea,)g(for)f
(example,)75 2534 y(wh)o(y)i(someone)h(w)o(ould)f(try)g(to)g(con)o(tact)g
(the)g Fc(rstatd)g Fh(daemon.)27 b(There)18 b(ma)o(y)e(b)q(e)i(securit)o(y)g
(problems)75 2591 y(lurking)e(there.)k(Other)c(requests)f(are)g(most)f(lik)o
(ely)j(malicious;)f(when)g(someone)f(tries)g(to)g(con)o(tact)f(our)75
2647 y(\(non-existen)o(t\))d Fc(NFS)g Fh(moun)o(t)g(daemon,)h(w)o(e)f(assume)
g(that)f(they)i(are)f(lo)q(oking)h(for)f(\014le)h(systems)f(exp)q(orted)75
2704 y(to)k(the)g(w)o(orld.)20 b(\(Y)l(es,)15 b(there)g(are)g(man)o(y)f
(sites)i(with)f(that)g(problem.\))p eop
%%Page: 9 9
8 bop 75 139 a Fj(From:)21 b([email protected])o(.com)75 189
y(To:)g(trappers)75 238 y(Subject:)f(udpsuck)g(nfs\(2049\))75
338 y(UDP)h(packet)g(from)g(host)g(a.non-us.edu)e(\(173.46.173.146\):)f(port)
j(804,)g(40)h(bytes)162 388 y(0:)65 b(2964e5a6)20 b(00000000)g(00000002)h
(000186a3)63 b(\)d..............)140 438 y(16:)i(00000002)20
b(00000000)g(00000000)h(00000000)63 b(................)140
487 y(32:)i(00000000)20 b(00000000)456 b(........)75 537 y(/usr/ucb/finger)19
b(@173.46.173.146)f(2>&1)75 587 y([173.46.173.146])75 637 y(Login)152
b(Name)304 b(TTY)21 b(Idle)86 b(When)h(Where)75 687 y(lu)152
b(Lee)21 b(User)305 b(a)43 b(8:41)21 b(Fri)g(12:55)43 b(direct)20
b(to)i(room)f(101)75 737 y(ano)130 b(A.N.)21 b(One)305 b(h6)65
b(3d)21 b(Tue)g(00:49)43 b(direct)20 b(to)i(719)75 786 y(nsa)130
b(Nun)21 b(Atall)283 b(p0)65 b(36)21 b(Thu)g(18:56)43 b(eqg01:0.0)75
836 y(nsa)130 b(Nun)21 b(Atall)283 b(p1)65 b(24)21 b(Thu)g(18:57)43
b(eqg01:0.0)641 984 y Fh(Figure)16 b(4:)j(A)c(captured)h Fc(NFS)f
Fh(request)146 1122 y(There)d(ha)o(v)o(e)f(b)q(een)i(some)f(connection)h
(requests)e(to)h(more)f(obscure)h(services.)20 b(Sev)o(eral)12
b(p)q(eople)h(ha)o(v)o(e)75 1178 y(p)q(ok)o(ed)j(a)f(pac)o(k)o(et)g(suc)o(k)o
(er)g(sitting)h(on)g(the)f Fc(whois)g Fh(p)q(ort.)21 b(Those)15
b(ha)o(v)o(e)g(b)q(een)i(inno)q(cen)o(t;)f(generally)l(,)h(the)75
1235 y(captured)g(data)e(sho)o(w)o(ed)h(that)g(the)g(caller)h(w)o(an)o(ted)f
(the)h(email)g(address)f(of)g(researc)o(hers)g(here.)24 b(When)75
1291 y(feasible,)e(w)o(e)e(reply)h(b)o(y)f(email,)i(doubtless)f(causing)f(m)o
(uc)o(h)g(confusion)h(and)f(puzzlemen)o(t.)36 b(W)l(e)20 b(will)75
1348 y(lik)o(ely)c(disable)g(that)e(trap)g(in)h(the)g(near)g(future.)k(Other)
c(prob)q(ers)g(ha)o(v)o(e)f(connected)h(to)f(things)h(lik)o(e)h(lik)o(e)75
1404 y(the)h Fc(nntp)f Fh(p)q(ort.)24 b(W)l(e)16 b(do)h(not)f(kno)o(w)g(for)g
(certain)h(what)f(they)h(had)g(in)g(mind;)h(lik)o(ely)h(guesses)e(include)75
1461 y(attempts)f(to)f(read)i(newsgroups)f(not)h(carried)g(at)f(their)h(o)o
(wn)f(sites,)h(or)f(attempts)f(to)h(forge)g Fc(netnews)75 1517
y Fh(p)q(ostings.)146 1574 y(The)h(most)f(sophisticated)i(p)q(ok)o(es)f(ha)o
(v)o(e)g(b)q(een)h(attempted)e Fc(NFS)h Fh(op)q(erations[Sun90].)24
b(They)18 b(ma)o(y)75 1630 y(ha)o(v)o(e)13 b(b)q(een)i(hand-crafted,)f(as)f
(most)g(normal)g Fc(NFS)g Fh(op)q(erations)h(are)f(preceded)i(b)o(y)f(moun)o
(t)f(requests.)19 b(A)75 1687 y(sample)e(alarm)g(message)f(is)h(sho)o(wn)g
(as)f(Figure)h(4.)24 b(P)o(erhaps)16 b(not)h(surprisingly)l(,)h(the)f(users)g
(sho)o(wn)f(as)75 1743 y(logged)f(in)h(ha)o(v)o(e)f(all)h(b)q(een)h(idle)g
(for)d(quite)i(some)f(time.)146 1800 y(Th)o(us)e(far,)g(all)h(of)f(the)h
Fc(NFS)e Fh(pac)o(k)o(ets)h(w)o(e)g(ha)o(v)o(e)g(captured)h(ha)o(v)o(e)f(b)q
(een)i Fc(no-ops)p Fh(.)j(In)c(a)f(few)h(instances,)75 1856
y(w)o(e)j(ha)o(v)o(e)f(b)q(een)i(able)g(to)e(con)o(tact)g(the)h(individuals)j
(resp)q(onsible;)f(they)e(generally)h(replied)h(that)d(they)75
1913 y(w)o(ere)h(c)o(hec)o(king)h(to)f(see)g(if)h(our)f(arc)o(hiv)o(es)g(w)o
(ere)g(accessible)i(b)o(y)e Fc(NFS)g Fh(as)g(w)o(ell)h(as)f(b)o(y)g
Fc(ftp)p Fh(.)26 b(\(A)17 b(n)o(um)o(b)q(er)75 1969 y(of)g(sites)g(do)h(pro)o
(vide)g(this)f(option;)i(w)o(e)e(marv)o(el)g(at)f(their)i(courage.\))26
b(In)18 b(fact,)f(at)f(least)i(one)f(p)q(opular)75 2026 y(program)d(|)h(the)f
Fc(amd)g Fh(auto-moun)o(ter[P)o(en)o(])h(|)g(apparen)o(tly)f(generates)h
Fc(NFS)f(no-ops)g Fh(automatically)l(.)146 2082 y(W)l(e)j(are)g(starting)g
(to)g(see)h(w)o(orrisome)f(lev)o(els)i(of)e(suc)o(h)h(queries.)27
b(Giv)o(en)18 b(the)g(existence)h(of)e(public)75 2139 y Fc(NFS)f
Fh(arc)o(hiv)o(es,)h(c)o(hec)o(king)h(to)e(see)i(if)f(w)o(e)f(o\013er)g(suc)o
(h)i(a)e(service)i(cannot)f(b)q(e)g(considered)h(a)f(hostile)h(act.)75
2195 y(On)f(the)f(other)g(hand,)h(what)f(w)o(e)g(see)h(with)g(our)f(curren)o
(t)g(to)q(ols)g(|)h Fc(NFS)24 b(no-ops)15 b Fh(and)i(queries)g(to)f(the)75
2252 y(moun)o(t)f(daemon)g(|)h(are)f(not)f(distinguishable)19
b(from)14 b(a)h(gen)o(uine)h(attac)o(k.)j(Our)d(c)o(hoices)g(are)f(either)h
(to)75 2308 y(ignore)i(all)h(suc)o(h)f(requests,)g(or)f(to)g(em)o(ulate)h
(more)f(of)g(the)h(proto)q(col,)g(so)f(w)o(e)h(can)g(see)g(what)f(is)h
(really)75 2364 y(in)o(tended.)j(Neither)16 b(alternativ)o(e)g(is)f(app)q
(ealing.)146 2421 y(W)l(e)j(ha)o(v)o(e)f(recen)o(tly)i(seen)g(sev)o(eral)f
(determined)h(attempts)e(to)g(grab)h(our)g(passw)o(ord)f(\014le)i(via)f(NIS)
75 2478 y(\(Figure)10 b(5\).)18 b(The)10 b(attac)o(k)o(ers')f(programs)g
(made)h(rep)q(eated)h(attempts)e(to)h(guess)g(our)h(NIS)g(domain)f(name,)75
2534 y(whic)o(h)19 b(is)g(need)h(in)f(order)f(to)g(p)q(erform)g(the)h
(transfer.)29 b(P)o(erhaps)18 b(not)g(surprisingly)l(,)j(these)e(attempts)75
2590 y(o)q(ccurred)d(just)f(a)g(few)g(w)o(eeks)g(after)f(the)h(appropriate)h
(program)e(w)o(as)g(p)q(osted)i(to)e(a)h(newsgroup.)146 2647
y(There)20 b(are)g(sev)o(eral)g(lik)o(ely)i(services)f(where)f(w)o(e)g(ha)o
(v)o(e)f(not,)i(or)e(not)h(y)o(et,)h(receiv)o(ed)g(an)o(y)f(serious)75
2704 y(p)q(ok)o(es,)14 b(suc)o(h)g(as)g Fc(bootp)f Fh(or)g
Fc(X11)p Fh(.)19 b(\(Actually)l(,)c(w)o(e)e(ha)o(v)o(e)h(seen)g(a)g(few)g
(connection)h(attempts)e(to)g(our)g Fc(X11)p eop
%%Page: 10 10
9 bop 75 247 a Fj(From:)21 b([email protected])o(.com)75 297
y(To:)g(trappers)75 347 y(Subject:)f(UDP)h(portmopper)f(from)h
(several.different)o(.plac)o(es)e(\(230.154.230.241\))75 446
y(Request:)75 496 y(....)75 546 y(***)75 596 y(reqprog:)h(100004)h
(\(ypserv\))f(vers:)h(2)g(proto:)g(6)g(port:)g(0)75 645 y(***)75
745 y(...)75 845 y(/usr/ucb/finger)e(@230.154.230.241)75 895
y([230.154.230.241])75 944 y(No)i(one)h(logged)e(on)75 1094
y(Server)h(input:)162 1144 y(0:)65 b(2a36be5f)20 b(00000000)g(00000002)h
(000186a4)63 b(*6._............)140 1193 y(16:)i(00000002)20
b(00000004)g(00000001)h(0000001c)63 b(................)140
1243 y(32:)i(2a3b6cfa)20 b(00000004)g(69736673)h(00000000)63
b(*;l.....isfs....)140 1293 y(48:)i(00000000)20 b(00000001)g(00000000)h
(00000000)63 b(................)140 1343 y(64:)i(00000000)20
b(0000000c)g(3139322e)h(32302e32)63 b(........192.20.2)140
1393 y(80:)i(32352e32)20 b(0000000d)g(70617373)h(77642e62)63
b(25.2....passwd.b)140 1442 y(96:)i(796e616d)20 b(65000000)g(80000060)h
(2a36be5e)63 b(yname......`*6.^)119 1492 y(112:)h(00000000)20
b(00000002)g(000186a4)h(00000002)63 b(................)119
1542 y(128:)h(00000004)20 b(00000001)g(0000001c)h(2a3b6cfa)63
b(............*;l.)119 1592 y(144:)h(00000004)20 b(69736673)g(00000000)h
(00000000)63 b(....isfs........)119 1642 y(160:)h(00000001)20
b(00000000)g(00000000)h(00000000)63 b(................)119
1692 y(176:)h(00000003)20 b(31393200)g(0000000d)h(70617373)63
b(....192.....pass)119 1741 y(192:)h(77642e62)20 b(796e616d)g(65000000)h
(80000064)63 b(wd.byname......d)119 1791 y(208:)h(2a36be5d)20
b(00000000)g(00000002)h(000186a4)63 b(*6.]............)119
1841 y(224:)h(00000002)20 b(00000004)g(00000001)h(0000001c)63
b(................)119 1891 y(240:)h(2a3b6cfa)20 b(00000004)g(69736673)h
(00000000)63 b(*;l.....isfs....)119 1941 y(256:)h(00000000)20
b(00000001)g(00000000)h(00000000)63 b(................)119
1990 y(272:)h(00000000)20 b(00000008)g(32302e32)h(32352e32)63
b(........20.225.2)119 2040 y(288:)h(0000000d)20 b(70617373)g(77642e62)h
(796e616d)63 b(....passwd.bynam)119 2090 y(304:)h(65000000)20
b(80000060)g(2a36be5c)h(00000000)63 b(e......`*6.\\....)119
2140 y(320:)h(00000002)20 b(000186a4)g(00000002)h(00000004)63
b(................)119 2190 y(336:)h(00000001)20 b(0000001c)g(2a3b6cfa)h
(00000004)63 b(........*;l.....)119 2240 y(352:)h(69736673)20
b(00000000)g(00000000)h(00000001)63 b(isfs............)119
2289 y(368:)h(00000000)20 b(00000000)g(00000000)h(00000002)63
b(................)119 2339 y(384:)h(32300000)20 b(0000000d)g(70617373)h
(77642e62)63 b(20......passwd.b)119 2389 y(400:)h(796e616d)20
b(65000000)g(80000064)h(2a36be5b)63 b(yname......d*6.[)75 2439
y(...)420 2587 y Fh(Figure)15 b(5:)20 b(P)o(art)14 b(of)g(the)i(alert)f
(message)g(from)f(an)h(NIS)h(attac)o(k.)p eop
%%Page: 11 11
10 bop 75 49 a Fh(monitor;)19 b(in)o(v)o(estigation)g(sho)o(w)o(ed)f(that)f
(they)h(w)o(ere)g(inno)q(cen)o(t.\))30 b(P)o(erhaps)18 b(the)g(crac)o(k)o(er)
g(comm)o(unit)o(y)75 106 y(has)d(not)f(y)o(et)h(ac)o(hiev)o(ed)g(a)g
(su\016cien)o(t)g(lev)o(el)i(of)d(sophistication,)i(or)e(p)q(erhaps)i(the)f
(traps)f(ha)o(v)o(e)g(not)h(b)q(een)75 162 y(around)f(long)g(enough)g(\(the)f
(pac)o(k)o(et)h(suc)o(k)o(ers)f(w)o(ere)h(\014rst)f(deplo)o(y)o(ed)i(in)f
(mid-Decem)o(b)q(er)h(of)f(1991\).)k(The)75 219 y(frequency)h(of)f(attac)o
(ks)f(seems)h(to)g(b)q(e)h(link)o(ed)h(to)d(the)i(academic)g(calendar;)h(w)o
(e)e(sa)o(w)f(a)h(considerable)75 275 y(upsurge)c(in)g(early)f(Jan)o(uary)l
(,)h(when)g(studen)o(ts)f(w)o(ould)h(b)q(e)g(returning)f(to)g(their)h
(campuses)g(\(in)f(the)h(U.S.,)75 332 y(at)h(least\),)f(and)i(a)e(drop-o\013)
h(as)g(their)h(w)o(orkload)e(presumably)i(increased.)146 397
y(When)c(w)o(e)g(detect)g(an)g(in)o(trusion,)h(w)o(e)f(send)g(a)g(casual)g
(note)g(to)g(the)g(system)f(administrator.)19 b(Gener-)75 453
y(ally)l(,)c(it)g(sa)o(ys)e(something)h(lik)o(e)i(\\someone)d(from)h(y)o(our)
g(site)g(did)h Fa(<)p Fh(x)p Fa(>)g Fh(y)o(esterda)o(y)l(,)f(and)g(while)i(w)
o(e)d(don't)75 509 y(care)k(m)o(uc)o(h,)h(w)o(e)f(though)o(t)f(y)o(ou)h(migh)
o(t)g(lik)o(e)i(to)d(kno)o(w,)h(since)i(suc)o(h)e(prob)q(es)h(often)f(come)g
(from)g(stolen)75 566 y(accoun)o(ts.")33 b(Resp)q(onses)21
b(are)f(mixed.)35 b(Some)20 b(administrators)f(resp)q(ond)i(immediately)l(,)h
(ask)e(for)f(all)75 622 y(the)14 b(details)h(w)o(e)f(can)g(pro)o(vide,)h(and)
f(tak)o(e)f(immediate)i(action)g(to)e(trac)o(k)g(do)o(wn)h(the)g(part)o(y)f
(resp)q(onsible.)75 679 y(Others)h(nev)o(er)h(answ)o(er)e(us.)20
b(P)o(erhaps)14 b(they)g(do)g(not)g(care,)g(p)q(erhaps)h(they)f(nev)o(er)g(c)
o(hec)o(k)h Fc(postmaster)p Fh('s)75 735 y(mailb)q(o)o(x,)h(or)e(p)q(erhaps)i
(the)g(in)o(truder)f(has)g(detected)h(and)g(deleted)g(the)g(mail.)k(That)15
b(last)g(w)o(ould)h(seem)75 792 y(to)11 b(b)q(e)h(a)g(plausible)i
(explanation;)g(one)d(w)o(ould)i(think)f(that)f(sites)h(w)o(ould)g(care)g
(that)f(their)h(o)o(wn)f(mac)o(hines)75 848 y(had)h(b)q(een)i(compromised.)19
b(Commercial)13 b(sites)f(generally)h(react)f(the)g(most;)g(academic)h(sites)
g(the)f(least.)75 905 y(On)17 b(at)f(least)h(three)g(o)q(ccasions,)g(w)o(e)g
(ha)o(v)o(e)f(had)h(to)f(notify)h(administrators)f(at)g(\(U.S.\))f(military)j
(sites;)75 961 y(to)c(our)h(surprise,)g(w)o(e)f(nev)o(er)h(receiv)o(ed)h(an)o
(y)e(resp)q(onse)i(at)e(all.)20 b(Copies)c(of)e(all)h(alarm)g(messages)f(and)
h(all)75 1018 y(administrator)d(noti\014cations)i(are)e(k)o(ept)g(on)h(an)g
(optical)g(disk;)h(additionally)l(,)h(CER)l(T)e(sees)g(these)g(notes.)75
1210 y Fp(4)69 b(Where)23 b(the)f(Wild)f(Things)i(Are)75 1328
y Fh(Not)14 b(surprisingly)l(,)i(most)e(of)g(the)g(attac)o(ks)f(w)o(e)h(ha)o
(v)o(e)g(seen)h(come)g(from)e(univ)o(ersities,)j(b)q(oth)f(in)g(the)f(U.S.)75
1384 y(and)e(abroad.)310 1368 y Ff(4)348 1384 y Fh(The)h(distribution)h(is)e
(highly)i(non-linear;)g(a)e(few)g(sites)h(accoun)o(t)e(for)h(a)g(high)h(p)q
(ercen)o(tage)75 1441 y(of)f(the)h(misb)q(eha)o(vior)g(w)o(e)g(see.)19
b(One)13 b(should)h(not)e(conclude,)j(though,)d(that)g(the)h(attac)o(k)o(ers)
e(are)h(actually)75 1497 y(at)17 b(those)g(sites;)i(v)o(ery)e(often,)h(w)o(e)
f(see)h(evidence)h(of)e(connection-launderin)q(g.)29 b(This)18
b(ma)o(y)f(tak)o(e)g(place)75 1554 y(b)q(ecause)12 b(of)f(op)q(en)h(terminal)
g(serv)o(ers,)f(whic)o(h)h(p)q(ermit)g(hop-on/hop-o\013)f(access,)h(or)f(b)q
(ecause)h(of)f(a)g(lib)q(eral)75 1610 y(attitude)k(to)o(w)o(ards)e(guest)h
(accoun)o(ts,)g(or)g(b)q(ecause)i(their)f(o)o(wn)f(mac)o(hines)i(ha)o(v)o(e)e
(b)q(een)i(p)q(enetrated.)k(W)l(e)75 1667 y(ha)o(v)o(e)e(seen)h(evidence)i
(for)d(all)h(three)g(explanations.)31 b(\(One)19 b(p)q(ersisten)o(t)g
(o\013ender)f(also)h(hosts)f(a)g(w)o(ell-)75 1723 y(kno)o(wn)i(source)h(arc)o
(hiv)o(e)g(accessible)i(via)e(NFS.)f(W)l(e)h(w)o(onder)f(if)h(there)g(is)g(a)
g(connection.)37 b(W)l(e)21 b(also)75 1779 y(w)o(onder)15 b(ab)q(out)g(the)g
(in)o(tegrit)o(y)g(of)g(the)h(co)q(de)f(in)h(the)g(arc)o(hiv)o(e.\))146
1845 y(T)l(able)f(1)g(sho)o(ws)f(the)h(frequency)h(of)e(prob)q(es)i(during)f
(F)l(ebruary)g(and)g(Marc)o(h)g(of)f(1992.)19 b(The)c(\\ARP)75
1901 y(c)o(hec)o(ks")i(indicate)i(an)f(address)f(space)h(prob)q(e)g(judged)g
(to)f(b)q(e)h(suspicious)h(enough)f(to)f(log;)h(the)f(other)75
1957 y(en)o(tries)e(are)f(based)h(on)f(a)g(coun)o(t)g(of)g(the)h(automated)e
(trap)h(messages)g(generated.)19 b(The)c Fc(ftp)f Fh(and)h
Fc(tftp)75 2014 y Fh(en)o(tries)j(are)g(of)f(particular)h(in)o(terest,)g
(since)h(they)f(are)g(rarely)l(,)g(if)g(ev)o(er,)g(inno)q(cen)o(t.)29
b(Other)18 b(inciden)o(ts,)75 2070 y(i.e.,)d(the)g Fc(whois)f
Fh(connections,)i(a)e(few)h(of)f(the)h Fc(portmopper)f Fh(traps,)g(and)h(the)
g Fc(SNMP)f Fh(messages,)h(turned)75 2127 y(out)g(to)f(b)q(e)i(b)q(enign.)146
2192 y(The)h(essen)o(tial)i(fact,)e(though,)h(is)g(that)f(the)h(In)o(ternet)f
(can)h(b)q(e)g(a)g(dangerous)f(place.)28 b(Individuals)75 2248
y(attempted)17 b(to)f(grab)h(our)f(passw)o(ord)h(\014le)h(at)e(a)h(rate)g
(exceeding)h(once)g(ev)o(ery)f(other)f(da)o(y)l(.)26 b(Suspicious)75
2305 y(RPC)15 b(requests,)f(whic)o(h)h(are)f(di\016cult)i(to)e(\014lter)h
(via)f(external)h(mec)o(hanisms,)g(arriv)o(ed)f(at)g(least)h(w)o(eekly)l(.)75
2361 y(A)o(ttempts)i(to)g(connect)h(to)f(non-existen)o(t)i(bait)f(mac)o
(hines)g(o)q(ccurred)h(at)e(least)h(ev)o(ery)f(t)o(w)o(o)g(w)o(eeks.)27
b(It)75 2418 y(is)16 b(w)o(orth)e(noting)h(that)f(during)i(the)f(\\Berferd")g
(inciden)o(t[Che92)q(],)g(w)o(e)f(attempted,)h(without)g(success,)75
2474 y(to)f(lure)i(the)f(in)o(truders)h(to)e(that)g(mac)o(hine,)i(whic)o(h)g
(actually)f(existed)h(at)f(the)g(time.)20 b(No)o(w,)14 b(connection)75
2531 y(requests)f(ha)o(v)o(e)g(b)q(ecome)h(commonplace.)20
b(W)l(e)13 b(do)g(not)g(kno)o(w)g(if)h(there)f(are)g(that)f(man)o(y)h(more)g
(crac)o(k)o(ers,)75 2587 y(or)i(if)g(they)h(ha)o(v)o(e)e(simply)j(gotten)d
(more)h(sophisticated)h(in)g(their)g(targeting.)p 75 2661 720
2 v 127 2688 a Fe(4)144 2704 y Fd(This)e(section)g(is)g(based)g(on)f(data)g
(compiled)i(b)o(y)f(Bill)h(Cheswic)o(k.)p eop
%%Page: 12 12
11 bop 385 137 a Fh(T)l(able)16 b(1:)k(F)l(requency)c(of)e(A)o(ttac)o(ks)g
(During)i(F)l(ebruary)f(and)g(Marc)o(h)615 299 y(Inciden)o(t)p
1149 316 2 57 v 400 w(Num)o(b)q(er)p 590 318 770 2 v 615 357
a(guest/demo/visitor)g(logins)p 1149 374 2 57 v 143 w(296)615
414 y(rlogins)p 1149 430 V 544 w(62)615 470 y(ftp)g(passwd)g(fetc)o(hes)p
1149 487 V 312 w(27)615 526 y(nn)o(tp)p 1149 543 V 583 w(16)615
583 y(p)q(ortmopp)q(er)p 1149 600 V 440 w(11)615 639 y(whois)p
1149 656 V 564 w(10)615 696 y(snmp)p 1149 713 V 591 w(9)615
752 y(x11)p 1149 769 V 627 w(8)615 809 y(tftp)p 1149 826 V
622 w(5)615 865 y(ARP)h(c)o(hec)o(ks)p 1149 882 V 458 w(4)615
922 y(systat)p 1149 939 V 578 w(2)615 978 y(nfs)p 1149 995
V 640 w(2)p 1149 1051 V 615 1091 a(Num)o(b)q(er)g(of)e(evil)j(sites)p
1149 1108 V 277 w(95)75 1291 y Fp(5)69 b(Ethical)21 b(Concerns)75
1398 y Fh(T)l(o)e(some,)g(our)g(activities)i(are)e(of)f(dubious)j(ethical)f
(c)o(haracter.)31 b(The)20 b(claim)g(has)f(b)q(een)h(made)g(that)75
1454 y(the)14 b(existence)i(of)e(some)g(of)f(our)h(monitors)g(amoun)o(t)g(to)
f(en)o(trapmen)o(t.)19 b(W)l(e)c(w)o(elcome)f(|)h(and)f(share)h(|)75
1511 y(their)h(sensitivit)o(y)g(to)f(ethical)h(issues,)g(but)f(not)g(their)g
(conclusions.)22 b(W)l(e)15 b(are)g(comfortable)g(with)h(what)75
1567 y(w)o(e)f(are)g(doing.)146 1626 y(W)l(e)h(do)g(not)g(regard)g(it)g(as)g
(at)g(all)h(wrong)e(to)h(monitor)g(our)g(o)o(wn)g(mac)o(hine.)23
b(It)17 b(is,)f(after)g(all,)h Fg(ours)p Fh(;)75 1682 y(w)o(e)c(ha)o(v)o(e)h
(the)g(righ)o(t)f(to)g(con)o(trol)h(ho)o(w)f(it)h(is)g(used,)g(and)g(b)o(y)g
(whom.)19 b(\(More)13 b(precisely)l(,)i(it)f(is)h(a)e(compan)o(y-)75
1739 y(o)o(wned)20 b(mac)o(hine,)i(but)f(w)o(e)f(ha)o(v)o(e)g(b)q(een)h(giv)o
(en)g(the)f(righ)o(t)g(and)h(the)f(resp)q(onsibilit)o(y)j(to)d(ensure)h(that)
75 1795 y(it)e(is)h(used)f(in)h(accordance)f(with)h(compan)o(y)e
(guidelines.\))34 b(Most)18 b(other)h(sites)g(on)g(the)g(In)o(ternet)g(feel)
75 1852 y(the)e(same)g(w)o(a)o(y)l(.)26 b(W)l(e)17 b(are)g(not)g(impressed)h
(b)o(y)g(the)f(argumen)o(t)g(that)f(idle)j(mac)o(hine)f(cycles)h(are)e(b)q
(eing)75 1908 y(w)o(asted.)22 b(Most)14 b(individual)q(s')k(needs)f(for)e
(computing)i(p)q(o)o(w)o(er)e(can)h(b)q(e)h(met)f(at)f(a)h(remark)m(ably)g
(mo)q(dest)75 1965 y(cost.)26 b(F)l(urthermore,)17 b(giv)o(en)h(the)f(curren)
o(t)g(ab)o(ysmal)h(state)e(of)h(host)g(securit)o(y)l(,)h(w)o(e)f(kno)o(w)g
(of)g(no)g(other)75 2021 y(w)o(a)o(y)d(to)h(ensure)h(that)e(our)h(gatew)o(a)o
(y)e(itself)k(is)e(not)g(compromised.)146 2080 y(Equally)j(imp)q(ortan)o(t,)e
(w)o(e)h(are)g(not)g(attempting)f(to)h(prosecute)g(an)o(y)o(one.)25
b(Our)17 b(goal)g(is)h(to)e(under-)75 2137 y(stand)f(what)g(is)i(happ)q
(ening,)g(and)e(to)g(sho)q(o)h(a)o(w)o(a)o(y)e(n)o(uisances.)22
b(The)16 b(reaction)g(from)e(system)i(adminis-)75 2193 y(trators)e(whom)h(w)o
(e)g(ha)o(v)o(e)g(con)o(tacted)g(has)h(generally)g(b)q(een)h(quite)f(p)q
(ositiv)o(e.)22 b(In)16 b(most)f(cases,)g(w)o(e)g(ha)o(v)o(e)75
2249 y(b)q(een)k(told)g(that)f(either)h(the)f(prob)q(e)h(w)o(as)e(inno)q(cen)
o(t,)j(in)f(whic)o(h)g(case)g(nothing)g(is)f(done,)h(or)f(that)g(the)75
2306 y(attac)o(k)o(er)d(w)o(as)i(in)g(fact)g(a)f(kno)o(wn)h(troublemak)o(er.)
25 b(In)18 b(that)e(case,)h(the)g(v)o(ery)g(concept)g(of)g(en)o(trapmen)o(t)
75 2362 y(do)q(es)c(not)f(apply)l(,)i(since)g(b)o(y)f(de\014nition)h(it)f(is)
h(an)e(inducemen)o(t)i(to)e(commit)h(a)g(violation)g(that)f(the)h(victim)75
2419 y(w)o(ould)j(not)f(otherwise)g(ha)o(v)o(e)g(b)q(een)i(inclined)h(to)d
(commit.)20 b(In)c(a)f(few)g(cases,)g(a)g(system)g(administrator)75
2475 y(has)g(learned,)h(through)f(our)g(messages,)f(that)g(his)i(or)f(her)h
(system)e(w)o(as)h(itself)h(compromised.)146 2534 y(The)g(most)g(problematic)
i(monitor)e(is)h(that)f(on)g(the)h Fc(guest)f Fh(login.)25
b(W)l(e)16 b(ha)o(v)o(e)g(b)q(een)i(told)f(that)f(its)75 2591
y(existence)f(is)f(itself)h(a)e(lure.)20 b(W)l(e)14 b(do)g(not)f(agree.)19
b(Most)13 b(attempts)g(to)g(use)h(it)g(are)f(blind;)j(the)e(individual)75
2647 y(has)21 b(no)f(reason)h(to)f(b)q(eliev)o(e)j(that)d(w)o(e)g(pro)o(vide)
i(suc)o(h)f(a)f(service.)38 b(Rather,)21 b(w)o(e)g(are)f(simply)i(one)f(of)75
2704 y(man)o(y)15 b(systems)h(that)f(is)h(searc)o(hed)g(for)g(op)q(en)g
(accoun)o(ts.)22 b(T)l(o)15 b(b)q(e)i(sure,)f(suc)o(h)g(a)f(searc)o(h)h(is)g
(lik)o(ely)i(to)d(b)q(e)p eop
%%Page: 13 13
12 bop 75 49 a Fh(futile;)14 b(guest)d(login)i(accoun)o(ts)e(ha)o(v)o(e)h(b)q
(ecome)g(quite)h(rare)e(on)h(the)g(In)o(ternet,)g(ev)o(en)g(on)g
(historically)h(op)q(en)75 106 y(systems.)28 b(This)18 b(is)h(in)f(mark)o(ed)
g(con)o(trast)e(to)i(the)g(ARP)l(ANET)g(of)g(15)f(y)o(ears)g(ago.)28
b(The)18 b(c)o(hange)g(w)o(as)75 162 y(lik)o(ely)g(inevitable;)g(the)e(v)m
(astly-increased)i(access)e(to)g(the)g(In)o(ternet)g(has)g(also)g(increased)h
(the)g(n)o(um)o(b)q(er)75 219 y(of)c(users)h(who)f(do)h(not)f(share)h(the)f
(same)h(moral)f(credo)h(with)g(resp)q(ect)g(to)f(prop)q(er)h(b)q(eha)o(vior.)
20 b(F)l(ew)13 b(sites,)75 275 y(if)j(an)o(y)l(,)f(are)h(willing)h(to)e(exp)q
(ose)h(themselv)o(es)h(to)e(unkno)o(wn)g(individual)q(s.)24
b(Ev)o(en)15 b(sites)h(w)o(ell-kno)o(wn)h(for)75 332 y(c)o(hampioning)h(the)f
(principles)j(of)c(univ)o(ersal)i(access)f(ha)o(v)o(e)g(b)q(een)h(forced)f
(to)f(close)i(do)o(wn,)e(b)q(ecause)i(of)75 388 y(abuses)d(b)o(y)h(a)e(few)i
(guests.)146 447 y(The)g(area)g(of)g(coun)o(terin)o(telligence)k(raises)d
(other)f(serious)h(issues.)25 b(What)15 b(sorts)h(of)g(net)o(w)o(ork)g(con-)
75 504 y(nections)g(to)f(other)h(sites)g(are)f(prop)q(er?)22
b(W)l(e)16 b(m)o(ust)f(b)q(e)i(v)o(ery)e(careful)h(here)g(not)f(to)g(step)h
(o)o(v)o(er)f(the)h(line.)75 560 y(Giv)o(en)g(that)g(w)o(e)g(log)g
Fc(finger)f Fh(attempts,)g(and)h(trace)g(bac)o(k)g Fc(rusers)f
Fh(calls,)i(are)e(w)o(e)h(justi\014ed)h(in)g(using)75 617 y(those)g(proto)q
(cols)g(ourselv)o(es?)27 b(What)16 b(ab)q(out)h(the)h(aforemen)o(tioned)f
Fc(telnet)f Fh(op)q(erations?)27 b(On)18 b(o)q(cca-)75 673
y(sion,)d(w)o(e)g(ha)o(v)o(e)f(had)i(mail)f(to)g(a)f(site)i(administrator)e
(b)q(ounce;)i(w)o(e)f(ha)o(v)o(e)f(had)i(to)e(resort)g(to)g(things)i(lik)o(e)
75 730 y(hand-en)o(tered)j Fc(VRFY)e Fh(commands)g(on)h(the)g(SMTP)g(p)q(ort)
f(to)g(determine)i(where)f(the)g(mail)g(should)h(b)q(e)75 786
y(sen)o(t.)h(Is)15 b(that)g(prop)q(er?)146 846 y(T)l(o)i(carry)h(matters)f(a)
h(step)g(farther,)g(the)g(suggestion)g(has)g(b)q(een)i(made)e(that)f(in)i
(the)g(ev)o(en)o(t)f(of)f(a)75 902 y(successful)f(attac)o(k)d(in)j(progress,)
d(w)o(e)i(migh)o(t)f(b)q(e)h(justi\014ed)h(in)g(p)q(enetrating)f(the)f(attac)
o(k)o(er's)f(computers)75 959 y(under)20 b(the)g(do)q(ctrine)g(of)f
(\\immediate)h(pursuit".)33 b(That)19 b(is,)h(it)g(ma)o(y)f(b)q(e)h(p)q
(ermissible)i(to)d(stage)f(our)75 1015 y(o)o(wn)d(coun)o(terattac)o(k)f(in)i
(order)f(to)f(stop)h(an)g(immediate)h(and)g(presen)o(t)f(danger)g(to)g(our)g
(o)o(wn)f(prop)q(ert)o(y)l(.)75 1072 y(The)19 b(legal)g(status)e(of)h(suc)o
(h)h(an)f(action)g(is)h(quite)g(m)o(urky)l(,)g(though)f(analagous)g(preceden)
o(ts)h(do)f(exist.)75 1128 y(Regardless,)e(w)o(e)f(ha)o(v)o(e)g(not)g
(carried)g(out)g(an)o(y)g(suc)o(h)h(action,)f(and)g(w)o(e)g(w)o(ould)h(b)q(e)
g(extremely)g(reluctan)o(t)75 1184 y(to;)j(if)h(nothing)f(else,)h(w)o(e)e(w)o
(ould)h(prefer)g(to)f(adhere)h(to)g(a)f(higher)h(moral)g(standard)f(than)h
(migh)o(t)f(b)q(e)75 1241 y(strictly)e(required)g(b)o(y)f(la)o(w.)146
1300 y(W)l(e)f(do)g(not)g(claim)h(to)f(kno)o(w)f(de\014nitiv)o(e)j(answ)o
(ers)e(to)g(these)g(ethical)i(questions.)k(Th)o(us)14 b(far,)f(w)o(e)h(are)75
1357 y(comfortable)g(with)h(what)f(w)o(e)h(ha)o(v)o(e)f(done.)20
b(If)15 b(nothing)g(else,)g(our)f(actions)h(are)f(\(a\))g(harmless,)h(and)f
(\(b\))75 1413 y(undertak)o(en)k Fg(only)f Fh(in)i(resp)q(onse)f(to)f(a)g
(\\\014rst)h(strik)o(e")f(from)g(the)h(other)f(site.)28 b(But)18
b(w)o(e)f(are)h(willing)i(to)75 1470 y(listen)c(to)f(argumen)o(ts)f(that)h(w)
o(e)g(ha)o(v)o(e)g(gone)g(to)q(o)f(far.)75 1630 y Fp(6)69 b(F)-6
b(uture)23 b(Extensions)75 1738 y Fh(There)11 b(are)f(sev)o(eral)g(in)o
(teresting)h(w)o(a)o(ys)e(to)h(extend)h(the)f(curren)o(t)g(set)h(of)e
(monitors.)18 b(The)11 b(most)e(imp)q(ortan)o(t)75 1794 y(c)o(hange)k(w)o
(ould)g(b)q(e)g(to)f(monitor)g(all)i(requests)f(for)f(TCP)g(or)g(UDP)g
(services,)i(and)f(not)f(just)h(a)f(select)h(few.)75 1851 y(Curren)o(tly)l(,)
j(the)g(gatew)o(a)o(y)e(mac)o(hine)j(is)f(blind)i(to)d(suc)o(h)h(prob)q(es,)g
(but)g(the)g(TCP)g(listener)h(on)e(a)h(Plan)g(9)75 1907 y(mac)o(hine)e(has)f
(pic)o(k)o(ed)g(up)h(requests)f(for)f(some)h(v)o(ery)f(un)o(usual)i(p)q(ort)f
(n)o(um)o(b)q(ers,)g(as)g(part)f(of)g(an)h(apparen)o(t)75 1964
y(attac)o(k[Bel92)o(].)19 b(The)d(ideal)g(w)o(a)o(y)e(to)g(implemen)o(t)j
(this)e(monitoring)g(w)o(ould)h(b)q(e)f(for)g(the)g(k)o(ernel)h(to)e(pass)75
2020 y(un)o(w)o(an)o(ted)21 b(pac)o(k)o(ets)g(to)g(a)g(user-lev)o(el)i
(daemon,)f(rather)f(than)g(issuing)i(its)f(o)o(wn)f(rejections.)39
b(That)75 2076 y(daemon)19 b(could)h(do)f(what)f(it)h(w)o(an)o(ted)f(|)i
(fork)e(a)g(c)o(hild)j(pro)q(cess)e(to)f(handle)j(the)e(connection,)h(issue)
75 2133 y(a)d(reject,)h(log)f(the)h(inciden)o(t,)h(etc.)27
b(Unfortunately)l(,)18 b(no)g(suc)o(h)f(mec)o(hanism)h(exists)g(at)f(presen)o
(t)h(in)g(the)75 2189 y(systems)d(w)o(e)g(use.)20 b(W)l(e)15
b(ma)o(y)g(p)q(erform)g(the)g(necessary)g(k)o(ernel)h(surgery)f(some)g(da)o
(y)l(.)146 2249 y(Our)20 b(pac)o(k)o(et)g(suc)o(k)o(ers)g(could)h(gather)f(m)
o(uc)o(h)g(more)g(information)g(if)h(they)f(had)g(more)g(abilit)o(y)i(to)75
2305 y(resp)q(ond.)e(W)l(e)14 b(do)f(not)h(wish)g(to)f(write)h(custom)f(co)q
(de)h(for)g(ev)o(ery)f(p)q(ossible)j(service;)e(ho)o(w)o(ev)o(er,)f(a)g
(simple)75 2362 y(script)19 b(in)o(terpreter)g(migh)o(t)g(b)q(e)g(useful.)31
b(F)l(or)18 b(example,)i(the)f Fc(nntp)f Fh(listener)i(could)g(emit)f(the)g
(prop)q(er)75 2418 y(greetings,)14 b(thereb)o(y)g(eliciting)i(further)e
(input)h(that)e(migh)o(t)h(sho)o(w)g(the)g(real)g(lo)q(cation)h(of)e(the)h
(presumed)75 2475 y(securit)o(y)i(hole.)146 2534 y(Along)c(the)f(same)h
(lines,)h(w)o(e)f(need)g(b)q(etter)g(facilities)i(for)d(in)o(terp)q(eting)i
(RPC)f(requests.)18 b(The)12 b(curren)o(t)75 2591 y(analysis)17
b(program)f(con)o(tains)g(a)h(lot)f(of)g(messy)h(co)q(de;)g(it)g(should)g(b)q
(e)g(fairly)h(easy)e(to)g(write)g(a)h Fc(printf)p Fh(-)75 2647
y(st)o(yle)d(in)o(terpreter)g(for)g(the)g(messages.)19 b(A)14
b(b)q(etter)g(reply)h(creator)e(w)o(ould)i(b)q(e)g(useful;)g(for)e(that,)g
(though,)75 2704 y(w)o(e)k(migh)o(t)h(b)q(e)g(b)q(est)g(o\013)f(using)h(the)g
(real)g(RPC)g(library)l(,)h(our)e(concerns)h(not)o(withstanding.)27
b(It)18 b(migh)o(t)p eop
%%Page: 14 14
13 bop 75 49 a Fh(b)q(e)18 b(useful)g(to)f(b)q(eef)h(up)f(the)g
Fc(portmopper)f Fh(to)h(resp)q(ond)h(to)e Fc(rpcinfo)23 b(-p)p
Fh(;)17 b(w)o(e)g(ha)o(v)o(e)g(seen)h(a)f(few)g(suc)o(h)75
106 y(queries,)f(and)f(our)g(o)o(wn)g(sim)o(ulated)h(attac)o(k)e(scenarios)h
(ha)o(v)o(e)g(relied)i(on)e(it.)146 162 y(The)20 b(DNS)h(serv)o(er)f(\()p
Fc(named)p Fh(\))f(needs)j(to)d(ha)o(v)o(e)i(logging)f(added)i(as)e(w)o(ell.)
37 b(While)22 b(it)e(is)h(probably)75 219 y(inadvisable)15
b(to)d(note)h(ev)o(ery)g(single)h(request,)f(zone)g(transfers)f(can)h(and)g
(should)h(b)q(e)g(logged.)19 b(In)14 b(theory)l(,)75 275 y(v)o(ery)c(few)g
(sites)h(ha)o(v)o(e)f(legitimate)i(reasons)e(for)f(examining)j(our)e(zone)h
(data,)f(but)h(w)o(e)f(ha)o(v)o(e)g(seen)h(evidence)75 332
y(that)f(crac)o(k)o(ers)g(are)h(already)g(doing)g(so.)18 b(Some)11
b(sites,)h(in)g(fact,)f(already)g(restrict)f(zone)i(transfers,)e(though)75
388 y(do)q(dging)16 b(bugs)f(is)h(the)f(usual)h(reason)f(giv)o(en)h(for)e
(suc)o(h)i(p)q(olicies.)146 444 y(W)l(e)22 b(w)o(ould)h(lik)o(e)h(to)e(hear)h
(ab)q(out)g(the)f(results)h(of)g(similar)h(monitoring)f(at)f(other)g(sites.)
43 b(Our)75 501 y(exp)q(eriences)19 b(ma)o(y)d(b)q(e)i(at)o(ypical,)g(for)e
(a)h(n)o(um)o(b)q(er)g(of)f(reasons.)25 b(W)l(e)17 b(are)g(in)h(the)f(\\)p
Fc(.com)p Fh(")f(domain,)h(our)75 557 y(mac)o(hine)h(is)g(listed)h(in)g(the)e
(o\016cial)i Fc(hosts.txt)d Fh(\014le,)j(some)e(p)q(eople)i(still)g(think)f
(w)o(e)g(are)f(\\the)g(phone)75 614 y(compan)o(y",)f(and)g(w)o(e)g(ha)o(v)o
(e)g(published)j(sev)o(eral)d(pap)q(ers)h(describing)h(our)e(securit)o(y)g
(arrangemen)o(ts.)22 b(A)75 670 y(small)16 b(univ)o(ersit)o(y)g(mac)o(hine)g
(migh)o(t)f(see)h(a)f(v)o(ery)f(di\013eren)o(t)i(pattern)f(of)f(attac)o(ks.)
19 b(On)d(the)f(other)g(hand,)75 727 y(w)o(e)g(ha)o(v)o(e)g(seen)h(enough)g
(connections)g(that)f(w)o(ere)g(apparen)o(tly)g(laundered)i(through)e(small)h
(univ)o(ersit)o(y)75 783 y(mac)o(hines)i(that)f(w)o(e)h(advise)g(against)f
(complacency)l(.)29 b(Others)18 b(rep)q(ort)f(similar)i(phenomena;)g(see,)g
(for)75 840 y(example,)d([Ran92)o(].)146 896 y(F)l(or)11 b(serious)i(in)o(v)o
(estigations)f(of)g(crac)o(k)o(er)f(b)q(eha)o(vior,)i(a)f(dedicated)h
(sacri\014cial)h(mac)o(hine)f(is)f(probably)75 953 y(a)17 b(b)q(etter)f(idea)
i(than)f(installing)i(trap)d(programs.)24 b(As)16 b(noted,)h(w)o(e)g(made)g
(suc)o(h)g(a)g(mac)o(hine)g(a)o(v)m(ailable)75 1009 y(when)e(trying)f(to)g
(trac)o(k)f(Berferd,)i(but)f(it)h(attracted)e(little)i(in)o(terest.)20
b(Our)15 b(new)f(monitors)g(sho)o(w)g(m)o(uc)o(h)75 1065 y(more)h(in)o
(terest)g(in)h(it)g(to)q(da)o(y)e(than)h(w)o(e)g(sa)o(w)f(then.)146
1122 y(Despite)h(all)h(this,)g(it)f(is)h(imp)q(ortan)o(t)e(to)h(view)g
(securit)o(y)h(in)g(its)f(prop)q(er)h(p)q(ersp)q(ectiv)o(e.)21
b(The)15 b(purp)q(ose)75 1178 y(of)k(our)g(gatew)o(a)o(y)f(mac)o(hine)i(is)g
(to)f(pass)g(messages,)h(not)f(to)f(en)o(tice)j(crac)o(k)o(ers.)31
b(W)l(e)20 b(do)f(not)g(w)o(an)o(t)g(to)75 1235 y(sp)q(end)d(more)f(e\013ort)
f(\014gh)o(ting)i(them)f(than)g(is)g(necessary)l(.)75 1378
y Fp(7)69 b(Recommendations)257 1479 y Fi(It)13 b(do)q(es)h(not)g(do)f(to)g
(lea)o(v)o(e)h(a)f(liv)o(e)i(dragon)e(out)g(of)g(y)o(our)g(calculations,)i
(if)f(y)o(ou)g(liv)o(e)g(near)189 1536 y(him.)25 b(Dragons)15
b(ma)o(y)h(not)h(ha)o(v)o(e)f(m)o(uc)o(h)h(real)g(use)g(for)f(all)h(their)h
(w)o(ealth,)e(but)h(they)g(kno)o(w)189 1592 y(it)e(to)g(an)g(ounce)h(as)e(a)h
(rule.)706 1696 y Fh(J.R.R.)g(T)l(olkien,)h Fg(The)g(Hobbit)146
1800 y Fh(It)f(is,)h(of)f(course,)g(no)h(surprise)g(to)f(an)o(y)o(one)g(that)
g(crac)o(k)o(ers)g(are)g(activ)o(e)g(on)h(the)g(In)o(ternet.)21
b(What)14 b(is)75 1857 y(surprising,)i(w)o(e)f(think,)g(is)h(the)f(lev)o(el)i
(of)d(activit)o(y)l(.)21 b(W)l(e)15 b(see)g(at)g(least)g(one)g(hostile)h
(action)f(a)g(w)o(eek,)g(plus)75 1913 y(sev)o(eral)k(do)q(orknob)g(c)o(hec)o
(ks)g(a)g(da)o(y)l(.)31 b Fg(F)m(urthermor)n(e,)20 b(we)g(know)g(of)g(most)f
(of)h(these)g(solely)e(b)n(e)n(c)n(ause)h(of)75 1970 y(our)e(monitoring)f(pr)
n(o)n(gr)n(ams.)k(No)c(standar)n(d)g(host)g(softwar)n(e)g(we)g(ar)n(e)g(awar)
n(e)h(of)f(pr)n(ovides)g(an)f(ade)n(quate)75 2026 y(level)j(of)g(monitoring.)
28 b Fh(More)17 b(precisely)l(,)j(if)e(y)o(ou)g(nev)o(er)g(lo)q(ok)g(out)f
(the)h(windo)o(w,)g(y)o(ou)f(will)j(nev)o(er)e(see)75 2083
y(an)o(y)d(dragons.)k(And)d(y)o(ou)f(will)i(nev)o(er)e(kno)o(w)g(if)g(one)h
(has)f(decided)i(that)d(y)o(our)h(passw)o(ords)f(are)h(just)g(the)75
2139 y(things)i(to)e(add)h(to)g(its)g(treasure)g(hoard)g(underneath)h(the)f
(Moun)o(tain.)23 b(The)16 b(In)o(ternet)g(app)q(ears)h(to)e(b)q(e)75
2195 y(lousy)j(with)h(dragons)p Fa(:)8 b(:)g(:)d Fh(.)28 b(\(N.B.)17
b(W)l(e)h(m)o(ust)f(confess)h(that)f(w)o(e)h(do)f(not)h(visualize)i(these)e
(dragons)f(as)75 2252 y(grandiose)e(or)g(magni\014cen)o(t.)20
b(T)l(olkien,)d(of)d(course,)h(sometimes)h(refers)f(to)f(dragons)h(as)f(\\w)o
(orms".\))146 2308 y(The)k(most)f(imp)q(ortan)o(t)g(thing)h(that)f(can)h(and)
g(should)h(b)q(e)f(done)g(is)h(for)e(v)o(endors)g(to)h(add)g(logging)75
2365 y(to)e(net)o(w)o(ork)f(soft)o(w)o(are.)21 b(Muc)o(h)c(more)f
(information)g(needs)h(to)f(b)q(e)h(logged,)g(at)e(the)i(option)f(of)g(the)h
(site)75 2421 y(administrator.)25 b(It)17 b(is)g(useful)h(to)e(b)q(e)i(able)g
(to)e(log)h Fg(al)r(l)g Fh(incoming)h(connections,)g(with)f(some)f(precis)i
(of)75 2478 y(the)f(parameters)g(passed.)26 b(These)17 b(need)h(not)f(b)q(e)h
(as)f(detailed)h(as)f(our)g(traps,)g(of)f(course,)i(but)f(should)75
2534 y(con)o(tain)e(the)h(essen)o(tial)g(information.)k(Naturally)l(,)15
b(success)h(or)f(failure)h(should)g(b)q(e)g(indicated)h(as)e(w)o(ell.)146
2591 y(While)22 b(m)o(uc)o(h)f(of)g(the)g(logging)g(can)g(and)h(should)g(b)q
(e)f(done)h(in)g Fc(inetd)p Fh(,)f(that)f(is)i(not)f(su\016cien)o(t.)75
2647 y(Other)14 b(programs)e(need)j(to)e(create)g(net)o(w)o(ork)f(log)i(en)o
(tries)g(as)f(w)o(ell.)20 b(F)l(or)13 b(example,)i Fc(named)e
Fh(should)h(note)75 2704 y(the)i(source)g(of)g(all)h(zone)f(transfer)f
(requests.)23 b(\(Optionally)l(,)17 b(suc)o(h)f(requests)g(should)h(b)q(e)g
(denied)h(if)e(not)p eop
%%Page: 15 15
14 bop 75 49 a Fh(from)14 b(kno)o(wn)g(secondary)g(serv)o(ers)g(for)g(the)g
(zone.)20 b(Some)15 b(reasons)f(w)o(ere)g(presen)o(ted)g(ab)q(o)o(v)o(e;)g
(others)g(are)75 106 y(discussed)j(in)f([Bel89].\))k(The)15
b Fc(ftp)g Fh(daemon,)g Fc(login)p Fh(,)g(and)g(an)o(ything)h(else)g(that)f
(do)q(es)g(authen)o(tication)75 162 y(should)i(note)f(an)o(y)g(session)g
(that)f(do)q(es)i(not)e(end)i(in)g(a)f(successful)h(login.)23
b(\(T)l(ruly)17 b(paranoid)f(mac)o(hines)75 219 y(should)h(log)g(ev)o(ery)f
(attempt)f(to)h(log)g(in,)h(successful)h(or)e(not.)23 b(But)16
b(caution)h(is)g(indicated;)h(exp)q(erience)75 275 y(suggests)d(that)f(one)h
(is)h(lik)o(ely)h(to)e(collect)h(passw)o(ords)e(that)h(w)o(a)o(y[GM84)m(].\))
146 332 y(W)l(e)g(urge)h(the)g(creation)g(of)f(a)h(standardized)h(logging)f
(in)o(terface.)22 b(Do)15 b(not)g(confuse)h(this)h(in)o(terface)75
388 y(with)12 b(the)g Fc(syslog)f Fh(daemon.)18 b(The)12 b(daemon)g(is)g(a)f
(mec)o(hanism)i(for)e(collecting)i(en)o(tries,)f(not)g(for)f(creating)75
445 y(them.)23 b(The)16 b(messages)g(w)o(e)g(wish)h(should)g(b)q(e)g(in)g(a)f
(form)f(suitable)j(for)d(manipulation)j(b)o(y)e Fc(grep)p Fh(,)g
Fc(awk)p Fh(,)75 501 y Fc(join)p Fh(,)h(and)g(other)g(standard)g(to)q(ols,)g
(and)g(that)g(will)i(only)e(happ)q(en)i(if)e(they)h(are)e(created)i(b)o(y)f
(a)g(single)75 558 y(subroutine.)146 615 y(Standardized)h(\014ltering)f(mec)o
(hanisms)h(are)e(also)h(useful.)26 b(Giv)o(en)17 b(the)g(n)o(um)o(b)q(er)g
(of)f(daemons)h(that)75 671 y(are)e(useful)i(in)o(ternally)l(,)g(but)e(are)g
(susceptible)j(to)d(attac)o(k)f(from)h(outside,)g(man)o(y)g(administrators)g
(wish)75 727 y(to)k(den)o(y)h(access)g(to)f(them)h(to)f(outsiders.)34
b(Router-lev)o(el)21 b(\014ltering)g(is)f(insu\016cien)o(t,)i(if)f(for)e(no)g
(other)75 784 y(reason)c(than)f(that)h(the)g(routers)f(ma)o(y)g(b)q(e)i(run)f
(b)o(y)g(di\013eren)o(t)g(organizations.)20 b(Some)15 b(v)o(endors)g(supp)q
(ort)75 840 y(\014ltering)h(in)g Fc(inetd)p Fh(;)e(most)h(do)g(not.)146
897 y(Unless)f(and)f(un)o(til)h(standard)f(logging)h(and)f(\014ltering)h(mec)
o(hanisms)g(are)f(created,)g(use)h(of)e(outb)q(oard)75 954
y(programs)k(is)h(a)g(useful)h(stopgap.)25 b(There)17 b(are)f(a)h(n)o(um)o(b)
q(er)g(of)g(programs)f(a)o(v)m(ailable)i(to)f(do)g(that.)24
b(One)75 1010 y(lists)19 b(them)e(in)i Fc(/etc/inetd.conf)d
Fh(instead)i(of)g(the)g(actual)g(serv)o(er;)g(they)g(create)g(the)g(log)g
(message,)75 1067 y(\014lter)e(based)f(on)g(origin)h(address,)f(and)h(only)f
(then)h(pass)f(con)o(trol)g(to)f(the)i(actual)f(serv)o(er.)75
1212 y Fp(8)69 b(Conclusions)257 1314 y Fi(\\Nev)o(er)15 b(laugh)g(at)g(liv)o
(e)h(dragons,)f(Bilb)q(o)h(y)o(ou)f(fo)q(ol!")20 b(he)c(said)f(to)g(himself.)
706 1422 y Fh(J.R.R.)g(T)l(olkien,)h Fg(The)g(Hobbit)146 1530
y Fh(It)i(is)g(all)h(w)o(ell)g(and)f(go)q(o)q(d)g(to)f(decry)i(computer)f
(securit)o(y)l(,)h(and)f(to)f(preac)o(h)h(the)g(religion)i(of)d(op)q(en)75
1587 y(access.)j(Unfortunately)l(,)14 b(there)g(are)g(an)g(increasing)h(n)o
(um)o(b)q(er)f(of)g(p)q(eople)i(with)e(access)g(to)g(the)g(In)o(ternet)75
1643 y(who)g(do)f(not)h(share)g(the)f(moralit)o(y)h(necessary)g(to)f(mak)o(e)
h(suc)o(h)g(sc)o(hemes)g(w)o(ork.)k(One)d(can)f(assume)g(that)75
1700 y(one)i(is)g(b)q(eing)h(attac)o(k)o(ed;)d(the)i(only)g(questions)g(are)f
(ho)o(w,)g(and)h(ho)o(w)f(often.)21 b(\(Just)16 b(who)f(the)h(attac)o(k)o
(ers)75 1756 y(are)e(is)h(in)g(some)e(sense)i(unin)o(teresting;)g(if)g(one)f
(group)g(passes)g(on,)g(another)g(is)h(sure)f(to)g(tak)o(e)f(its)i(place.\))
146 1813 y(Our)g(goal)f(is)i(to)e(pro)o(vide)i(information)f(to)f(the)h(comm)
o(unit)o(y)l(,)g(and)g(to)f(the)h(prop)q(er)g(authorities,)g(on)75
1870 y(just)j(ho)o(w)h(the)f(crac)o(k)o(ers)g(are)h(op)q(erating.)30
b(Our)19 b(sp)q(eci\014c)i(metho)q(ds)e(are)f(not)g(for)g(ev)o(ery)o(one,)h
(but)g(our)75 1926 y(lessons)d(|)f(and)h(our)f(w)o(arnings)g(|)g(are.)75
2071 y Fp(9)69 b(Av)l(ailabilit)n(y)75 2173 y Fh(A)o(t)19 b(this)g(time,)h
(neither)g(the)g(gatew)o(a)o(y)d(co)q(de)j(nor)f(the)g(v)m(arious)g(monitors)
g(are)g(a)o(v)m(ailable)i(outside)e(of)75 2230 y(A)l(T&T.)c(That)g(ma)o(y)f
(c)o(hange)h(in)h(the)g(future.)k(Then)15 b(again,)g(it)h(ma)o(y)e(not.)75
2375 y Fp(10)69 b(Ac)n(kno)n(wledgemen)n(ts)75 2477 y Fh(Bill)25
b(Cheswic)o(k)e(and)f(Diana)h(D'Angelo)g(implemen)o(ted)h(the)f(\014rst)f
(hac)o(k)o(er)g(traps)g(on)g(our)h(gatew)o(a)o(y)75 2534 y(mac)o
(hine[Che92].)31 b(Bill)21 b(also)e(did)h(a)f(lot)f(of)h(w)o(ork)f
(collecting)j(and)e(collating)h(log)f(\014le)h(data)e(for)h(this)75
2590 y(pap)q(er.)h(He)c(and)f(Da)o(v)o(e)f(Presotto)g(designed)j(our)e(o)o(v)
o(erall)g(securit)o(y)h(arc)o(hitecture.)146 2647 y(T)l(esting)22
b(the)f(traps)g(describ)q(ed)j(here)e(required)h(mac)o(hines)f(from)f(whic)o
(h)h(to)f(launc)o(h)i(sim)o(ulated)75 2704 y(attac)o(ks.)18
b(A)e(n)o(um)o(b)q(er)f(of)g(sites)h(gran)o(ted)e(us)h(access)h(to)e(their)i
(systems;)e(w)o(e)h(thank)g(them.)p eop
%%Page: 16 16
15 bop 75 49 a Fp(References)137 151 y Fh([Bel89])23 b(Stev)o(en)14
b(M.)f(Bello)o(vin.)20 b(Securit)o(y)14 b(problems)g(in)h(the)f(TCP/IP)f
(proto)q(col)h(suite.)k Fg(Computer)296 207 y(Communic)n(ations)d(R)n(eview)p
Fh(,)g(19\(2\):32{48,)c(April)17 b(1989.)137 296 y([Bel92])23
b(Stev)o(en)15 b(M.)g(Bello)o(vin.)22 b(P)o(ac)o(k)o(ets)14
b(found)h(on)g(an)g(in)o(ternet,)h(1992.)i(In)e(preparation.)80
385 y([CFSD90])21 b(J.D.)15 b(Case,)h(M.)f(F)l(edor,)g(M.L.)h(Sc)o
(ho\013stall,)g(and)g(C.)f(Da)o(vin.)22 b Fg(Simple)17 b(Network)g(Manage-)
296 442 y(ment)f(Pr)n(oto)n(c)n(ol)g(\(SNMP\))p Fh(,)c(Ma)o(y)j(1990.)j(RF)o
(C)d(1157.)124 531 y([Che90])22 b(W.R.)e(Cheswic)o(k.)37 b(The)21
b(design)g(of)f(a)h(secure)g(in)o(ternet)g(gatew)o(a)o(y)l(.)35
b(In)21 b Fg(Pr)n(o)n(c.)g(Summer)296 588 y(USENIX)14 b(Confer)n(enc)n(e)p
Fh(,)f(Anaheim,)j(June)g(1990.)124 677 y([Che92])22 b(W.R.)15
b(Cheswic)o(k.)20 b(An)c(ev)o(ening)g(with)f(Berferd,)h(in)g(whic)o(h)g(a)f
(crac)o(k)o(er)f(is)i(lured,)g(endured,)296 733 y(and)c(studied.)i(In)f
Fg(Pr)n(o)n(c.)f(Winter)h(USENIX)e(Confer)n(enc)n(e)p Fh(,)e(San)j(F)l
(rancisco,)g(Jan)o(uary)f(1992.)132 822 y([DG87])21 b(Jac)o(k)d(J.)h
(Dongarra)e(and)i(Eric)g(Grosse.)29 b(Distribution)19 b(of)f(mathematical)h
(soft)o(w)o(are)e(via)296 879 y(electronic)g(mail.)j Fg(Communic)n(ations)c
(of)g(the)h(A)o(CM)p Fh(,)c(30:403{407,)f(1987.)125 968 y([GM84])21
b(F)l(red)14 b(T.)g(Grampp)g(and)g(Rob)q(ert)h(H.)f(Morris.)j(Unix)f(op)q
(erating)e(system)g(securit)o(y)l(.)19 b Fg(A)m(T&T)296 1024
y(Bel)r(l)d(L)n(ab)n(or)n(atories)f(T)m(e)n(chnic)n(al)f(Journal)p
Fh(,)h(63\(8,)f(P)o(art)g(2\):1649{1672)o(,)e(Octob)q(er)k(1984.)127
1114 y([HM91])21 b(Katie)i(Hafner)g(and)g(John)g(Mark)o(o\013.)40
b Fg(Cyb)n(erpunk)22 b(:)35 b(Outlaws)23 b(and)g(Hackers)g(on)g(the)296
1170 y(Computer)17 b(F)m(r)n(ontier)p Fh(.)i(Simon)d(&)f(Sc)o(h)o(uster,)g
(1991.)131 1259 y([Joh85])22 b(Mik)o(e)15 b(St.)g(Johns.)20
b Fg(A)o(uthentic)n(ation)c(Server)p Fh(,)e(Jan)o(uary)h(1985.)k(RF)o(C)c
(931.)117 1348 y([Mo)q(c87])21 b(P)l(.V.)16 b(Mo)q(c)o(k)m(ap)q(etris.)23
b Fg(Domain)17 b(Names)g(|)h(Conc)n(epts)d(and)i(F)m(acilities)p
Fh(,)e(No)o(v)o(em)o(b)q(er)g(1987.)296 1405 y(RF)o(C)g(1034.)173
1494 y([P)o(en])22 b(Jan-Simon)12 b(P)o(endry)l(.)g Fc(Amd)e
Fh(|)h(An)g(automoun)o(ter.)f(Departmen)o(t)g(of)g(Computing,)h(Imp)q(erial)
296 1550 y(College,)16 b(London.)134 1639 y([Plu82])22 b(D.C.)c(Plummer.)34
b Fg(Ethernet)21 b(A)n(ddr)n(ess)e(R)n(esolution)h(Pr)n(oto)n(c)n(ol)p
Fh(,)g(No)o(v)o(em)o(b)q(er)f(1982.)32 b(RF)o(C)296 1696 y(826.)75
1785 y([PPTT90])21 b(Rob)f(Pik)o(e,)g(Da)o(v)o(e)f(Presotto,)f(Ken)i
(Thompson,)g(and)g(Ho)o(w)o(ard)e(T)l(ric)o(k)o(ey)l(.)33 b(Plan)20
b(9)f(from)296 1842 y(Bell)e(Labs.)j(In)c Fg(Pr)n(o)n(c)n(e)n(e)n(dings)e(of)
j(the)f(Summer)h(1990)g(UKUUG)f(Confer)n(enc)n(e)p Fh(,)d(pages)i(1{9,)296
1898 y(London,)g(July)i(1990.)c(UKUUG.)121 1987 y([Ran92])22
b(Marcus)17 b(J.)h(Ran)o(um.)28 b(A)18 b(net)o(w)o(ork)e(\014rew)o(all.)29
b(In)18 b Fg(Pr)n(o)n(c.)g(World)i(Confer)n(enc)n(e)c(on)j(System)296
2044 y(A)n(dministr)n(ation)c(and)h(Se)n(curity)p Fh(,)f(W)l(ashington,)g
(D.C.,)e(July)k(1992.)137 2133 y([Sto88])k(C.)d(Stoll.)32 b(Stalking)20
b(the)f(wiley)i(hac)o(k)o(er.)31 b Fg(Communic)n(ations)19
b(of)g(the)i(A)o(CM)p Fh(,)c(31\(5\):484,)296 2189 y(Ma)o(y)d(1988.)137
2278 y([Sto89])21 b(C.)e(Stoll.)34 b Fg(The)20 b(Cucko)n(o's)g(Egg:)29
b(T)m(r)n(acking)19 b(a)h(Spy)g(Thr)n(ough)h(the)g(Maze)f(of)g(Computer)296
2335 y(Espionage)p Fh(.)f(Doubleda)o(y)l(,)d(1989.)127 2424
y([Sun90])22 b(Sun)15 b(Microsystems,)e(Inc.,)h(Moun)o(tain)g(View,)g(CA.)k
Fg(Network)d(Interfac)n(es)e(Pr)n(o)n(gr)n(ammer's)296 2480
y(Guide)p Fh(,)i(Marc)o(h)g(1990.)k(SunOS)d(4.1.)138 2570 y([T)l(ol65])22
b(J.R.R.)15 b(T)l(olkien.)22 b Fg(L)n(or)n(d)15 b(of)i(the)f(R)o(ings)p
Fh(.)j(Ballan)o(tine)e(Bo)q(oks,)d(1965.)138 2659 y([T)l(ol66])22
b(J.R.R.)15 b(T)l(olkien.)22 b Fg(The)15 b(Hobbit)p Fh(.)20
b(Ballan)o(tine)d(Bo)q(oks,)e(1937,)e(1938,)h(1966.)p eop
%%Trailer
end
userdict /end-hook known{end-hook}if
%%EOF