%!PS-Adobe-2.0 %%Creator: dvips 5.490 Copyright 1986, 1992 Radical Eye Software %%Pages: 6 1 %%BoundingBox: 0 0 612 792 %%EndComments %DVIPSCommandLine: dvips -f %%BeginProcSet: tex.pro %! /TeXDict 250 dict def TeXDict begin /N{def}def /B{bind def}N /S{exch}N /X{S N} B /TR{translate}N /isls false N /vsize 11 72 mul N /@rigin{isls{[0 -1 1 0 0 0] concat}if 72 Resolution div 72 VResolution div neg scale isls{Resolution hsize -72 div mul 0 TR}if Resolution VResolution vsize -72 div 1 add mul TR matrix currentmatrix dup dup 4 get round 4 exch put dup dup 5 get round 5 exch put setmatrix}N /@landscape{/isls true N}B /@manualfeed{statusdict /manualfeed true put}B /@copies{/#copies X}B /FMat[1 0 0 -1 0 0]N /FBB[0 0 0 0]N /nn 0 N /IE 0 N /ctr 0 N /df-tail{/nn 8 dict N nn begin /FontType 3 N /FontMatrix fntrx N /FontBBox FBB N string /base X array /BitMaps X /BuildChar{ CharBuilder}N /Encoding IE N end dup{/foo setfont}2 array copy cvx N load 0 nn put /ctr 0 N[}B /df{/sf 1 N /fntrx FMat N df-tail}B /dfs{div /sf X /fntrx[sf 0 0 sf neg 0 0]N df-tail}B /E{pop nn dup definefont setfont}B /ch-width{ch-data dup length 5 sub get}B /ch-height{ch-data dup length 4 sub get}B /ch-xoff{128 ch-data dup length 3 sub get sub}B /ch-yoff{ch-data dup length 2 sub get 127 sub}B /ch-dx{ch-data dup length 1 sub get}B /ch-image{ch-data dup type /stringtype ne{ctr get /ctr ctr 1 add N}if}B /id 0 N /rw 0 N /rc 0 N /gp 0 N /cp 0 N /G 0 N /sf 0 N /CharBuilder{save 3 1 roll S dup /base get 2 index get S /BitMaps get S get /ch-data X pop /ctr 0 N ch-dx 0 ch-xoff ch-yoff ch-height sub ch-xoff ch-width add ch-yoff setcachedevice ch-width ch-height true[1 0 0 -1 -.1 ch-xoff sub ch-yoff .1 add]{ch-image}imagemask restore}B /D{/cc X dup type /stringtype ne{]}if nn /base get cc ctr put nn /BitMaps get S ctr S sf 1 ne{dup dup length 1 sub dup 2 index S get sf div put}if put /ctr ctr 1 add N} B /I{cc 1 add D}B /bop{userdict /bop-hook known{bop-hook}if /SI save N @rigin 0 0 moveto /V matrix currentmatrix dup 1 get dup mul exch 0 get dup mul add .99 lt{/FV}{/RV}ifelse load def pop}N /eop{SI restore showpage userdict /eop-hook known{eop-hook}if}N /@start{userdict /start-hook known{start-hook} if /VResolution X /Resolution X 1000 div /DVImag X /IE 256 array N 0 1 255{IE S 1 string dup 0 3 index put cvn put}for 65781.76 div /vsize X 65781.76 div /hsize X}N /p{show}N /RMat[1 0 0 -1 0 0]N /BDot 260 string N /rulex 0 N /ruley 0 N /v{/ruley X /rulex X V}B /V{}B /RV statusdict begin /product where{pop product dup length 7 ge{0 7 getinterval dup(Display)eq exch 0 4 getinterval (NeXT)eq or}{pop false}ifelse}{false}ifelse end{{gsave TR -.1 -.1 TR 1 1 scale rulex ruley false RMat{BDot}imagemask grestore}}{{gsave TR -.1 -.1 TR rulex ruley scale 1 1 false RMat{BDot}imagemask grestore}}ifelse B /FV{gsave transform round exch round exch itransform moveto rulex 0 rlineto 0 ruley neg rlineto rulex neg 0 rlineto fill grestore}B /a{moveto}B /delta 0 N /tail{dup /delta X 0 rmoveto}B /M{S p delta add tail}B /b{S p tail}B /c{-4 M}B /d{-3 M} B /e{-2 M}B /f{-1 M}B /g{0 M}B /h{1 M}B /i{2 M}B /j{3 M}B /k{4 M}B /w{0 rmoveto}B /l{p -4 w}B /m{p -3 w}B /n{p -2 w}B /o{p -1 w}B /q{p 1 w}B /r{p 2 w} B /s{p 3 w}B /t{p 4 w}B /x{0 S rmoveto}B /y{3 2 roll p a}B /bos{/SS save N}B /eos{SS restore}B end %%EndProcSet TeXDict begin 40258431 52099146 1000 300 300 @start /Fa 40 123 df45 D<387CFEFEFE7C3807077C8610>I<001800007800 01F800FFF800FFF80001F80001F80001F80001F80001F80001F80001F80001F80001F80001F800 01F80001F80001F80001F80001F80001F80001F80001F80001F80001F80001F80001F80001F800 01F80001F8007FFFE07FFFE013207C9F1C>49 D<03FC000FFF003C1FC07007E07C07F0FE03F0FE 03F8FE03F8FE01F87C01F83803F80003F80003F00003F00007E00007C0000F80001F00003E0000 380000700000E01801C0180380180700180E00380FFFF01FFFF03FFFF07FFFF0FFFFF0FFFFF015 207D9F1C>I<00FE0007FFC00F07E01E03F03F03F03F81F83F81F83F81F81F03F81F03F00003F0 0003E00007C0001F8001FE0001FF000007C00001F00001F80000FC0000FC3C00FE7E00FEFF00FE FF00FEFF00FEFF00FC7E01FC7801F81E07F00FFFC001FE0017207E9F1C>I<0000E00001E00003 E00003E00007E0000FE0001FE0001FE00037E00077E000E7E001C7E00187E00307E00707E00E07 E00C07E01807E03807E07007E0E007E0FFFFFEFFFFFE0007E00007E00007E00007E00007E00007 E00007E000FFFE00FFFE17207E9F1C>I<07FC001FFF00380F807007C0F807E0FC07E0FC07E0FC 07E07807E0000FC0001F80001F00003C0000780000700000E00000E00000C00000C00000C00000 C00000C00000C00000000000000000000000000000000001C00003E00007F00007F00007F00003 E00001C00013237DA21A>63 D<000070000000007000000000F800000000F800000000F8000000 01FC00000001FC00000003FE00000003FE00000003FE00000006FF000000067F0000000E7F8000 000C3F8000000C3F800000183FC00000181FC00000381FE00000300FE00000300FE00000600FF0 00006007F00000E007F80000FFFFF80000FFFFF800018001FC00018001FC00038001FE00030000 FE00030000FE000600007F000600007F00FFE00FFFF8FFE00FFFF825227EA12A>65 DI<0003FE0080001FFF818000FF01E38001F8 003F8003E0001F8007C0000F800F800007801F800007803F000003803F000003807F000001807E 000001807E00000180FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000 FE00000000FE000000007E000000007E000001807F000001803F000001803F000003801F800003 000F8000030007C000060003F0000C0001F800380000FF00F000001FFFC0000003FE000021227D A128>IIII77 DI80 D82 D<01FC0407FF8C1F03FC3C007C7C003C78001C78001CF8000CF8000CFC000CFC 0000FF0000FFE0007FFF007FFFC03FFFF01FFFF80FFFFC03FFFE003FFE0003FF00007F00003F00 003FC0001FC0001FC0001FE0001EE0001EF0003CFC003CFF00F8C7FFE080FF8018227DA11F>I< FFFF800FFEFFFF800FFE07F00000C007F80000C003F800018003F800018001FC00030001FC0003 0001FE00070000FE00060000FF000600007F000C00007F800C00003F801800003F801800003FC0 3800001FC03000001FE03000000FE06000000FF060000007F0C0000007F0C0000007F9C0000003 F980000003FD80000001FF00000001FF00000000FE00000000FE00000000FE000000007C000000 007C00000000380000000038000027227FA12A>86 DI<07FC001FFF80 3F07C03F03E03F01E03F01F01E01F00001F00001F0003FF003FDF01FC1F03F01F07E01F0FC01F0 FC01F0FC01F0FC01F07E02F07E0CF81FF87F07E03F18167E951B>97 D<00FF8007FFE00F83F01F 03F03E03F07E03F07C01E07C0000FC0000FC0000FC0000FC0000FC0000FC00007C00007E00007E 00003E00301F00600FC0E007FF8000FE0014167E9519>99 D<0001FE000001FE0000003E000000 3E0000003E0000003E0000003E0000003E0000003E0000003E0000003E0000003E0000003E0001 FC3E0007FFBE000F81FE001F007E003E003E007E003E007C003E00FC003E00FC003E00FC003E00 FC003E00FC003E00FC003E00FC003E00FC003E007C003E007C003E003E007E001E00FE000F83BE 0007FF3FC001FC3FC01A237EA21F>I<00FE0007FF800F87C01E01E03E01F07C00F07C00F8FC00 F8FC00F8FFFFF8FFFFF8FC0000FC0000FC00007C00007C00007E00003E00181F00300FC07003FF C000FF0015167E951A>I<03FC1E0FFF7F1F0F8F3E07CF3C03C07C03E07C03E07C03E07C03E07C 03E03C03C03E07C01F0F801FFF0013FC003000003000003800003FFF801FFFF00FFFF81FFFFC38 00FC70003EF0001EF0001EF0001EF0001E78003C7C007C3F01F80FFFE001FF0018217E951C> 103 DI<1C003E007F00 7F007F003E001C000000000000000000000000000000FF00FF001F001F001F001F001F001F001F 001F001F001F001F001F001F001F001F001F001F001F00FFE0FFE00B247EA310>I<0038007C00 FE00FE00FE007C0038000000000000000000000000000003FE03FE003E003E003E003E003E003E 003E003E003E003E003E003E003E003E003E003E003E003E003E003E003E003E003E783EFC3EFC 3CFC7C78F87FE01F800F2E83A311>I108 DI< FF07E000FF1FF8001F307C001F403C001F803E001F803E001F003E001F003E001F003E001F003E 001F003E001F003E001F003E001F003E001F003E001F003E001F003E001F003E001F003E001F00 3E00FFE1FFC0FFE1FFC01A167E951F>I<00FE0007FFC00F83E01E00F03E00F87C007C7C007C7C 007CFC007EFC007EFC007EFC007EFC007EFC007EFC007E7C007C7C007C3E00F81F01F00F83E007 FFC000FE0017167E951C>I114 D<0FF3003FFF00781F00600700E00300E00300F00300FC00007FE0007FF800 3FFE000FFF0001FF00000F80C00780C00380E00380E00380F00700FC0E00EFFC00C7F00011167E 9516>I<0180000180000180000180000380000380000780000780000F80003F8000FFFF00FFFF 000F80000F80000F80000F80000F80000F80000F80000F80000F80000F80000F80000F81800F81 800F81800F81800F81800F830007C30003FE0000F80011207F9F16>II119 DII<7FFFF07FFFF07C03E07007C0600FC0E01F80C01F00C03E00C07E0000FC0000F80001 F00003F03007E03007C0300F80701F80703F00603E00E07C03E0FFFFE0FFFFE014167E9519>I E /Fb 53 125 df<0001FC000703000C03001C07001C0300180000380000380000380000380000 700007FFFC00701C00701C00701C00E03800E03800E03800E03800E07001C07001C07001C07001 C0E201C0E201C0E20380E4038064038038038000030000070000060000C60000E40000CC000070 00001825819C17>12 D<183C3C3C0404080810204080060C779C0D>39 D<000300060008001800 30006000C000C0018003000300060006000C000C001C0018001800380030003000700070006000 600060006000E000E000E000E000E0006000600060006000600020003000100008000800102A7B 9E11>I<001000100008000C000400060006000600060006000700070007000700070006000600 060006000E000E000C000C001C001800180038003000300060006000C000C00180030003000600 0C00180010006000C000102A809E11>I45 D<3078F06005047C830D>I<003C0000C6000183000303000603000603800E03800C03801C0380 1C0300380700380700380700380700700E00700E00700E00700E00E01C00E01C00E01C00E03800 E03800E03000C06000E0600060C0007180001E0000111D7B9B15>48 D<00020006000C001C007C 039C0038003800380038007000700070007000E000E000E000E001C001C001C001C00380038003 8003800780FFF00F1C7C9B15>I<003C0000C3000101800201800201C00441C00441C00841C008 41C00841C01083801083801107000E0600000C0000180000300000C00001000006000008000010 01001002002002004006007E0C00C7F80083F80080E000121D7C9B15>I<003C0000C600018300 0303000603000E03000C03801C03801C03001C0300380700380700380700380F00380E00181E00 181E000C6C00079C00001C00001800003800003000006000E0C000E0C0008180008600007C0000 111D7B9B15>57 D<060F0F06000000000000000000003078F06008127C910D>I<000018000000 1800000038000000380000007800000078000000B8000001B800000138000002380000023C0000 041C0000041C0000081C0000181C0000101C0000201C0000201C00007FFC0000401C0000801C00 01801C0001001C0002001C0002001C0004000E000C000E001C001E00FF00FFC01A1D7E9C1F>65 D<0003F020001E0C60003002E000E003C001C001C0038001C0070000C00E0000801E0000801C00 00803C0000803C000000780000007800000078000000F0000000F0000000F0000000F0000000F0 000400F0000400F0000400F0000800700008007000100038002000180040000C01800007060000 01F800001B1E7A9C1E>67 D<01FFFE00003C0780003801C0003801C0003800E0003800E0007000 F00070007000700070007000F000E000F000E000F000E000F000E000F001C001E001C001E001C0 01E001C001C0038003C003800380038007800380070007000E0007001C0007003800070070000E 01C000FFFF00001C1C7D9B1F>I<01FFFFE0003C00E00038006000380040003800400038004000 70004000700040007020400070200000E0400000E0400000E0C00000FFC00001C0800001C08000 01C0800001C0800003810100038001000380020003800200070004000700040007000C00070018 000E007800FFFFF0001B1C7D9B1C>I<01FFFFC0003C01C0003800C00038008000380080003800 800070008000700080007020800070200000E0400000E0400000E0C00000FFC00001C0800001C0 800001C0800001C080000381000003800000038000000380000007000000070000000700000007 0000000F000000FFF000001A1C7D9B1B>I<0003F020001E0C60003002E000E003C001C001C003 8001C0070000C00E0000801E0000801C0000803C0000803C000000780000007800000078000000 F0000000F0000000F001FFC0F0001E00F0001C00F0001C00F0001C00F0001C0070003800700038 0038003800180078000C0090000707100001F800001B1E7A9C20>I<01FFC0003C000038000038 0000380000380000700000700000700000700000E00000E00000E00000E00001C00001C00001C0 0001C0000380000380000380000380000700000700000700000700000F0000FFE000121C7E9B10 >73 D<01FFC0FF003C003C00380030003800400038008000380100007002000070040000701000 0070200000E0400000E0C00000E1C00000E5C00001C8E00001D0E00001E0E00001C07000038070 000380700003803800038038000700380007001C0007001C0007001C000F001E00FFE0FF80201C 7D9B20>75 D<01FE0007F8003E000780002E000F00002E001700002E001700002E002700004E00 2E00004E004E00004E004E00004E008E00008E011C00008E011C00008E021C00008E021C000107 043800010704380001070838000107103800020710700002072070000207207000020740700004 0740E000040780E000040700E0000C0700E0001C0601E000FF861FFC00251C7D9B25>77 D<01FC03FE001C0070003C0060002E0040002E0040002E00400047008000470080004700800043 80800083810000838100008181000081C1000101C2000101C2000100E2000100E2000200E40002 00740002007400020074000400380004003800040038000C0018001C001000FF8010001F1C7D9B 1F>I<01FFFC00003C070000380380003801C0003801C0003801C0007003C0007003C0007003C0 0070038000E0078000E0070000E00E0000E0380001FFE00001C0000001C0000001C00000038000 00038000000380000003800000070000000700000007000000070000000F000000FFE000001A1C 7D9B1C>80 D<01FFF800003C0E0000380700003803800038038000380380007007800070078000 70078000700F0000E00E0000E01C0000E0700000FFC00001C0C00001C0600001C0700001C07000 038070000380700003807000038070000700F0000700F0400700F0400700F0800F007880FFE079 0000001E001A1D7D9B1E>82 D<000F8400304C00403C0080180100180300180300180600100600 1006000007000007000003E00003FC0001FF00007F800007C00001C00001C00000C00000C02000 C02000C0600180600180600300600200F00400CC180083E000161E7D9C17>I<1FFFFFC01C0701 C0300E00C0200E0080600E0080400E0080401C0080801C0080801C0080001C0000003800000038 000000380000003800000070000000700000007000000070000000E0000000E0000000E0000000 E0000001C0000001C0000001C0000001C0000003C000007FFE00001A1C799B1E>I<7FF0FF800F 001C000E0018000E0010000E0010000E0010001C0020001C0020001C0020001C00200038004000 38004000380040003800400070008000700080007000800070008000E0010000E0010000E00100 00E0020000E0020000E0040000E00400006008000030300000104000000F800000191D779B1F> III<01FF81FE001E00F0001C0060001E0080000E0180000E0100000F02000007040000070800 000790000003A0000003C0000001C0000001C0000001E0000002E0000004E0000008F000001070 0000207000006038000040380000803C0001001C0002001C0006001E001E001E00FF80FFC01F1C 7E9B1F>I<03CC063C0C3C181C3838303870387038E070E070E070E070E0E2C0E2C0E261E46264 3C380F127B9115>97 D<3F00070007000E000E000E000E001C001C001C001C0039C03E60383038 307038703870387038E070E070E070E060E0E0C0C0C1C0618063003C000D1D7B9C13>I<01F007 080C08181C3838300070007000E000E000E000E000E000E008E010602030C01F000E127B9113> I<001F80000380000380000700000700000700000700000E00000E00000E00000E0003DC00063C 000C3C00181C00383800303800703800703800E07000E07000E07000E07000E0E200C0E200C0E2 0061E4006264003C3800111D7B9C15>I<01E007100C1018083810701070607F80E000E000E000 E000E000E0086010602030C01F000D127B9113>I<0003C0000670000C70001C60001C00001C00 00380000380000380000380000380003FF8000700000700000700000700000700000E00000E000 00E00000E00000E00001C00001C00001C00001C00001C000038000038000038000030000030000 070000C60000E60000CC00007800001425819C0D>I<00F3018F030F06070E0E0C0E1C0E1C0E38 1C381C381C381C383830383038187818F00F700070007000E000E0C0C0E1C0C3007E00101A7D91 13>I<0FC00001C00001C0000380000380000380000380000700000700000700000700000E7800 0E8C000F0E000E0E001C0E001C0E001C0E001C0E00381C00381C00381C00383800703880703880 707080707100E03200601C00111D7D9C15>I<0180038001000000000000000000000000000000 1C002600470047008E008E000E001C001C001C0038003800710071007100720072003C00091C7C 9B0D>I<0FC00001C00001C0000380000380000380000380000700000700000700000700000E0F 000E11000E23800E43801C83001C80001D00001E00003F800039C00038E00038E00070E20070E2 0070E20070E400E06400603800111D7D9C13>107 D<1F800380038007000700070007000E000E 000E000E001C001C001C001C0038003800380038007000700070007000E400E400E400E4006800 3800091D7C9C0B>I<3C1E0780266318C04683A0E04703C0E08E0380E08E0380E00E0380E00E03 80E01C0701C01C0701C01C0701C01C070380380E0388380E0388380E0708380E0710701C032030 0C01C01D127C9122>I<3C3C002646004687004707008E07008E07000E07000E07001C0E001C0E 001C0E001C1C00381C40381C40383840383880701900300E0012127C9117>I<01E007180C0C18 0C380C300E700E700EE01CE01CE01CE018E038E030E06060C031801E000F127B9115>I<078700 04D98008E0C008E0C011C0E011C0E001C0E001C0E00381C00381C00381C0038180070380070300 0707000706000E8C000E70000E00000E00001C00001C00001C00001C00003C0000FF8000131A7F 9115>I<03C4062C0C3C181C3838303870387038E070E070E070E070E0E0C0E0C0E061E063C03D C001C001C0038003800380038007803FF00E1A7B9113>I<3C3C26C2468747078E068E000E000E 001C001C001C001C0038003800380038007000300010127C9112>I<01F006080C080C1C18181C 001F001FC00FF007F0007800386030E030C030806060C01F000E127D9111>I<00C001C001C001 C00380038003800380FFE00700070007000E000E000E000E001C001C001C001C00384038403840 388019000E000B1A7D990E>I<1E0300270700470700470700870E00870E000E0E000E0E001C1C 001C1C001C1C001C1C003838803838801838801839001C5900078E0011127C9116>I<1E06270E 470E4706870287020E020E021C041C041C041C0818083808181018200C4007800F127C9113>I< 1E01832703874703874703838707018707010E07010E07011C0E021C0E021C0E021C0E04180C04 181C04181C081C1C100C263007C3C018127C911C>I<1E03270747074707870E870E0E0E0E0E1C 1C1C1C1C1C1C1C38383838183818381C7007F00070007000E0E0C0E1C0818047003C00101A7C91 14>121 D124 D E /Fc 1 50 df<0C003C00CC000C000C000C000C00 0C000C000C000C000C000C000C000C00FF8009107E8F0F>49 D E /Fd 13 122 df<60F0F0600404798312>46 D<03E007F01E18381C30FC71FE739EE30EE70EE70EE70EE7 0EE30C739C71F830F038001E0E07FE03F80F147F9312>64 D<3F807FC070E0207000700FF03FF0 7870E070E070E07070F03FFE1F3E0F0E7E8D12>97 DI<07F01FF83838701060 00E000E000E000E0006000703838381FF007E00D0E7E8D12>I<07801FE0387070706038E038FF F8FFF8E0006000703838381FF007C00D0E7E8D12>101 D108 DI<0F803FE038E07070E038E038E038E038E038F078707038E03FE00F80 0D0E7E8D12>111 D<1FF03FF06070C070E0007F003FE00FF000786018E018F030FFE0DFC00D0E 7E8D12>115 D<06000E000E000E007FF8FFF80E000E000E000E000E000E000E000E380E380E38 07F003C00D127F9112>II121 D E /Fe 27 121 df<01C0000320000610000E1000 0E10000E10000E20000E40000E80000780FE0700380700200B802013804031C04061E08060E100 E07100E03A00E01C02700E0238370C0FC1F817177F961B>38 D<60F0F06004047D830A>46 D<001000003800003800003800005C00005C00005C00008E00008E00008E000107000107000307 8002038002038007FFC00401C00401C00800E00800E01800E03800F0FE03FE17177F961A>65 DI<00 FC100383300E00B01C0070380030300030700010600010E00010E00000E00000E00000E00000E0 0000E000106000107000103000203800201C00400E008003830000FC0014177E9619>I69 D76 D<7FFFF86038184038084038088038048038048038040038000038000038000038000038000038 0000380000380000380000380000380000380000380000380000380007FFC016177F9619>84 D88 D<1FC0386038301038003803F81E3830387038E039E039E07970FF1F1E100E7F8D12>97 DI<00 7E00000E00000E00000E00000E00000E00000E00000E00000E0007CE001C3E00300E00700E0060 0E00E00E00E00E00E00E00E00E00600E00700E00301E00182E0007CFC012177F9614>100 D<0FC0186030307038E018FFF8E000E000E000600070083010183007C00D0E7F8D10>I<03E006 700E701C201C001C001C001C001C00FF801C001C001C001C001C001C001C001C001C001C001C00 1C00FF800C1780960B>I<0F9E18E33060707070707070306018C02F80200060003FE03FF83FFC 600EC006C006C006600C38380FE010157F8D12>II<183C3C1800000000007C1C1C1C1C1C1C1C1C1C1C 1C1CFF081780960A>I107 DIII<07C018303018600C600CE00EE00EE00EE00EE00E 701C3018183007C00F0E7F8D12>II114 D<1F4060C0C040C040E000FF007F801FC001E080608060C060E0C09F000B0E7F8D0E>I<080008 000800180018003800FF80380038003800380038003800380038403840384038401C800F000A14 7F930E>I 120 D E /Ff 1 4 df<0C000C008C40EDC07F800C007F80EDC08C400C000C000A0B7D8B10>3 D E /Fg 1 50 df<0C001C00EC000C000C000C000C000C000C000C000C000C000C000C000C000C 000C000C00FFC00A137D9211>49 D E /Fh 42 121 df<70F8F8F8700505788416>46 D<03E0000FF8001FFC001E3C00380E00780F00700700700700E00380E00380E00380E00380E003 80E00380E00380E00380F00780700700700700780F003C1E001E3C001FFC000FF80003E0001119 7E9816>48 D<01800380038007800F807F80FF8073800380038003800380038003800380038003 80038003800380038003807FF87FFC7FF80E197C9816>I<07E0001FF8003FFC00783E00E00700 F00780F00380600380000380000380000700000700000E00001C0000380000700000E00001C000 0380000F00001E03803803807FFF80FFFF807FFF8011197E9816>I<007C0000FC0000DC0001DC 00039C00039C00071C000F1C000E1C001E1C003C1C00381C00781C00F01C00FFFFE0FFFFE0FFFF E0001C00001C00001C00001C00001C0001FFC001FFC001FFC013197F9816>52 D<3FFE003FFE003FFE003800003800003800003800003800003800003800003BF0003FFC003FFE 003C0F00300700000380000380600380F00380F00380E00700781E003FFC001FF80007E0001119 7E9816>I55 D<03E0000FF8001FFC003C1E00700E00700700E00700E00780E003 80E00380E00780700780780F803FFF801FFB800FE380000700000700300700780E00781C007078 003FF0001FE0000F800011197E9816>57 D<7FF800FFFE007FFF001C0F001C07801C03801C0380 1C03801C07801C07001FFF001FFE001FFE001C1F001C03801C03C01C01C01C01C01C01C01C01C0 1C03C01C07807FFF80FFFF007FFC0012197F9816>66 D<01F18007FB800FFF801F0F803C078038 0380700380700380F00000E00000E00000E00000E00000E00000E00000E00000F0000070038070 03803803803C07001F0F000FFE0007FC0001F00011197E9816>I<7FF800FFFE007FFF001C0F00 1C07801C03C01C01C01C01C01C01E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E0 1C01C01C01C01C03C01C07801C0F807FFF00FFFE007FF8001319809816>I<7F1FC0FFBFE07F1F C01C07001C07001C07001C07001C07001C07001C07001FFF001FFF001FFF001C07001C07001C07 001C07001C07001C07001C07001C07001C07007F1FC0FFBFE07F1FC013197F9816>72 DI77 D<7E1FC0FF3FE07F1FC01D07001D8700 1D87001D87001DC7001DC7001CC7001CC7001CE7001CE7001CE7001C67001C67001C77001C7700 1C37001C37001C37001C17007F1F00FF9F007F0F0013197F9816>I<7FF800FFFE007FFF001C0F 801C03801C03C01C01C01C01C01C01C01C03C01C03801C0F801FFF001FFE001FF8001C00001C00 001C00001C00001C00001C00001C00007F0000FF80007F000012197F9816>80 D<1FFC003FFE007FFF00780F00F00780E00380E00380E00380E00380E00380E00380E00380E003 80E00380E00380E00380E00380E00380E0E380E1E380F0F780787F007FFF003FFE001FFC00001C 00001E00000E00000F00000700000700111F7E9816>I<7FE000FFF8007FFC001C1E001C0F001C 07001C07001C07001C07001C0F001C1E001FFC001FF8001FFC001C1C001C0E001C0E001C0E001C 0E001C0E201C0E701C0E707F07E0FF87E07F03C014197F9816>I<07E3001FFF003FFF00781F00 F00700E00700E00700E00000F000007800003F80001FF00007FC0000FE00000F00000700000380 000380600380E00380E00700F80F00FFFE00FFFC00C7F00011197E9816>I<7FFFE0FFFFE0FFFF E0E0E0E0E0E0E0E0E0E0E0E0E000E00000E00000E00000E00000E00000E00000E00000E00000E0 0000E00000E00000E00000E00000E00000E00007FC000FFE0007FC0013197F9816>I<7F07F0FF 8FF87F07F01C01C01C01C01C01C01C01C01C01C01C01C01C01C01C01C01C01C01C01C01C01C01C 01C01C01C01C01C01C01C01C01C00E03800E038007070007FF0003FE0000F8001519809816>I< 7F1F807F3F807F1F800E1E000E1C00073C0007380003B80003F00001F00001E00000E00001E000 01F00003F00003B80007B800071C00071C000E0E000E0E001C07007F1FC0FF1FE07F1FC013197F 9816>88 D<1FE0003FF0007FF800783C00300E00000E00000E0003FE001FFE003E0E00700E00E0 0E00E00E00E00E00783E007FFFE03FE7E00F83E013127E9116>97 D<7E0000FE00007E00000E00 000E00000E00000E00000E3E000EFF000FFF800F83C00F00E00E00E00E00700E00700E00700E00 700E00700E00700E00E00F01E00F83C00FFF800EFF00063C001419809816>I<03F80FFC1FFE3C 1E780C7000E000E000E000E000E000F000700778073E0E1FFC0FF803F010127D9116>I<003F00 007F00003F0000070000070000070000070003C7000FF7001FFF003C1F00780F00700700E00700 E00700E00700E00700E00700E00700700F00700F003C1F001FFFE00FE7F007C7E014197F9816> I<03E00FF81FFC3C1E780E7007E007FFFFFFFFFFFFE000E000700778073C0F1FFE0FFC03F01012 7D9116>I<001F00007F8000FF8001E78001C30001C00001C0007FFF00FFFF00FFFF0001C00001 C00001C00001C00001C00001C00001C00001C00001C00001C00001C00001C0003FFE007FFF003F FE0011197F9816>I<03E3C007F7E00FFFE01C1CC0380E00380E00380E00380E00380E001C1C00 0FF8001FF0001BE0003800001800001FFC001FFF003FFF807803C0E000E0E000E0E000E0E000E0 7001C07C07C03FFF800FFE0003F800131C7F9116>I<7E0000FE00007E00000E00000E00000E00 000E00000E3C000EFE000FFF000F87800F03800E03800E03800E03800E03800E03800E03800E03 800E03800E03800E03807FC7F0FFE7F87FC7F01519809816>I<018003C003C001800000000000 0000007FC07FC07FC001C001C001C001C001C001C001C001C001C001C001C001C07FFFFFFF7FFF 101A7D9916>I108 DI<7E3C00FE FE007FFF000F87800F03800E03800E03800E03800E03800E03800E03800E03800E03800E03800E 03807FC7F0FFE7F87FC7F01512809116>I<03E0000FF8001FFC003C1E00780F00700700E00380 E00380E00380E00380E00380F00780700700780F003C1E001FFC000FF80003E00011127E9116> I<7E3E00FEFF007FFF800F83C00F00E00E00E00E00700E00700E00700E00700E00700E00700E00 E00F01E00F83C00FFF800EFF000E3C000E00000E00000E00000E00000E00000E00007FC000FFE0 007FC000141B809116>I114 D<0FEC3FFC7FFCF03CE01CE01C70007F801FF007F8003C600EE00EF00EF81EFFFCFFF8C7E00F12 7D9116>I<0300000700000700000700000700007FFF00FFFF00FFFF0007000007000007000007 000007000007000007000007010007038007038007038007870003FE0001FC0000F80011177F96 16>I<7E1F80FE3F807E1F800E03800E03800E03800E03800E03800E03800E03800E03800E0380 0E03800E03800E0F800FFFF007FBF803E3F01512809116>I119 D<7F1FC07F3FC07F1FC00F1C00073C0003B80003F00001F00000E00001E0 0001F00003B800073C00071C000E0E007F1FC0FF3FE07F1FC013127F9116>I E /Fi 81 125 df<007E1F0001C1B1800303E3C00703C3C00E03C1800E01C0000E01C0000E01C0 000E01C0000E01C0000E01C000FFFFFC000E01C0000E01C0000E01C0000E01C0000E01C0000E01 C0000E01C0000E01C0000E01C0000E01C0000E01C0000E01C0000E01C0000E01C0000E01C0000E 01C0007F87FC001A1D809C18>11 D<007E0001C1800301800703C00E03C00E01800E00000E0000 0E00000E00000E0000FFFFC00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C0 0E01C00E01C00E01C00E01C00E01C00E01C00E01C07F87F8151D809C17>I<007FC001C1C00303 C00703C00E01C00E01C00E01C00E01C00E01C00E01C00E01C0FFFFC00E01C00E01C00E01C00E01 C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C07FCF F8151D809C17>I<003F07E00001C09C18000380F018000701F03C000E01E03C000E00E018000E 00E000000E00E000000E00E000000E00E000000E00E00000FFFFFFFC000E00E01C000E00E01C00 0E00E01C000E00E01C000E00E01C000E00E01C000E00E01C000E00E01C000E00E01C000E00E01C 000E00E01C000E00E01C000E00E01C000E00E01C000E00E01C000E00E01C007FC7FCFF80211D80 9C23>I<6060F0F0F8F86868080808080808101010102020404080800D0C7F9C15>34 D<0F0000C0188000C030600380703807006027FB00E0100600E0100C00E0100C00E0101800E010 1800E0103000E0106000602060007020C00030418000188180000F0303C00006062000060C1000 0C1C08001818080018380400303804006038040060380400C0380400C038040180380403001808 03001C0806000C100C000620040003C01E217E9E23>37 D<00E000000190000003080000030800 00070800000708000007080000070800000710000007100000072000000740000003C03FE00380 0F00038006000380040005C0040009C0080010E0100030E010006070200060702000E0384000E0 3C4000E01C8000E00F0020E0070020700780403009C0401830E18007C03E001B1F7E9D20>I<60 F0F8680808081010204080050C7C9C0C>I<004000800100020006000C000C0018001800300030 007000600060006000E000E000E000E000E000E000E000E000E000E000E000E000600060006000 700030003000180018000C000C00060002000100008000400A2A7D9E10>I<8000400020001000 18000C000C000600060003000300038001800180018001C001C001C001C001C001C001C001C001 C001C001C001C0018001800180038003000300060006000C000C00180010002000400080000A2A 7E9E10>I<60F0F0701010101020204080040C7C830C>44 DI<60F0F060 04047C830C>I<00010003000600060006000C000C000C00180018001800300030003000600060 00C000C000C0018001800180030003000300060006000C000C000C001800180018003000300030 00600060006000C000C00010297E9E15>I<03C00C301818300C300C700E60066006E007E007E0 07E007E007E007E007E007E007E007E007E007E00760066006700E300C300C18180C3007E0101D 7E9B15>I<030007003F00C7000700070007000700070007000700070007000700070007000700 0700070007000700070007000700070007000F80FFF80D1C7C9B15>I<07C01830201C400C400E F00FF80FF807F8077007000F000E000E001C001C00380070006000C00180030006010C01180110 023FFE7FFEFFFE101C7E9B15>I<07E01830201C201C781E780E781E381E001C001C0018003000 6007E00030001C001C000E000F000F700FF80FF80FF80FF00E401C201C183007E0101D7E9B15> I<000C00000C00001C00003C00003C00005C0000DC00009C00011C00031C00021C00041C000C1C 00081C00101C00301C00201C00401C00C01C00FFFFC0001C00001C00001C00001C00001C00001C 00001C0001FFC0121C7F9B15>I<300C3FF83FF03FC020002000200020002000200023E0243028 18301C200E000E000F000F000F600FF00FF00FF00F800E401E401C2038187007C0101D7E9B15> I<00F0030C06040C0E181E301E300C700070006000E3E0E430E818F00CF00EE006E007E007E007 E007E007600760077006300E300C18180C3003E0101D7E9B15>I<4000007FFF807FFF007FFF00 40020080040080040080080000100000100000200000600000400000C00000C00001C000018000 018000038000038000038000038000078000078000078000078000078000078000030000111D7E 9B15>I<03E00C301008200C20066006600660067006780C3E083FB01FE007F007F818FC307E60 1E600FC007C003C003C003C00360026004300C1C1007E0101D7E9B15>I<03C00C301818300C70 0C600EE006E006E007E007E007E007E0076007700F300F18170C2707C700060006000E300C780C 78187010203030C00F80101D7E9B15>I<60F0F0600000000000000000000060F0F06004127C91 0C>I<60F0F0600000000000000000000060F0F0701010101020204080041A7C910C>I<0FE03038 401CE00EF00EF00EF00E000C001C0030006000C000800180010001000100010001000100000000 0000000000000003000780078003000F1D7E9C14>63 D<000600000006000000060000000F0000 000F0000000F00000017800000178000001780000023C0000023C0000023C0000041E0000041E0 000041E0000080F0000080F0000180F8000100780001FFF80003007C0002003C0002003C000600 3E0004001E0004001E000C001F001E001F00FF80FFF01C1D7F9C1F>65 DI<001F808000E0618001801980070007800E0003801C0003801C00018038000180780000 807800008070000080F0000000F0000000F0000000F0000000F0000000F0000000F0000000F000 0000700000807800008078000080380000801C0001001C0001000E000200070004000180080000 E03000001FC000191E7E9C1E>IIII<001F808000E0618001801980070007800E0003801C0003801C0001803800018078000080 7800008070000080F0000000F0000000F0000000F0000000F0000000F0000000F000FFF0F0000F 80700007807800078078000780380007801C0007801C0007800E00078007000B800180118000E0 6080001F80001C1E7E9C21>III< 1FFF00F80078007800780078007800780078007800780078007800780078007800780078007800 7800787078F878F878F878F0F040E021C01F00101D7F9B15>IIIII<003F800000 E0E0000380380007001C000E000E001C0007003C00078038000380780003C0780003C0700001C0 F00001E0F00001E0F00001E0F00001E0F00001E0F00001E0F00001E0F00001E0700001C0780003 C0780003C0380003803C0007801C0007000E000E0007001C000380380000E0E000003F80001B1E 7E9C20>II82 D<07E0801C19803005807003806001 80E00180E00080E00080E00080F00000F800007C00007FC0003FF8001FFE0007FF0000FF80000F 800007C00003C00001C08001C08001C08001C0C00180C00180E00300D00200CC0C0083F800121E 7E9C17>I<7FFFFFC0700F01C0600F00C0400F0040400F0040C00F0020800F0020800F0020800F 0020000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F000000 0F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000001F800003FFFC00 1B1C7F9B1E>IIII89 D91 D<0808101020204040404080 8080808080B0B0F8F8787830300D0C7A9C15>II<1FC00030700078380078 1C00301C00001C00001C0001FC000F1C00381C00701C00601C00E01C40E01C40E01C40603C4030 4E801F870012127E9115>97 DI<07E00C30187830787030 6000E000E000E000E000E000E00060007004300418080C3007C00E127E9112>I<003F00000700 00070000070000070000070000070000070000070000070000070003E7000C1700180F00300700 700700600700E00700E00700E00700E00700E00700E00700600700700700300700180F000C3700 07C7E0131D7E9C17>I<03E00C301818300C700E6006E006FFFEE000E000E000E0006000700230 0218040C1803E00F127F9112>I<00F8018C071E061E0E0C0E000E000E000E000E000E00FFE00E 000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E007FE00F1D809C0D> I<00038003C4C00C38C01C3880181800381C00381C00381C00381C001818001C38000C300013C0 001000003000001800001FF8001FFF001FFF803003806001C0C000C0C000C0C000C06001803003 001C0E0007F800121C7F9215>II<18003C003C00180000 00000000000000000000000000FC001C001C001C001C001C001C001C001C001C001C001C001C00 1C001C001C001C00FF80091D7F9C0C>I<00C001E001E000C00000000000000000000000000000 0FE000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000 E000E060E0F0C0F1C061803E000B25839C0D>IIIII<03F0000E1C001806003003007003 80600180E001C0E001C0E001C0E001C0E001C0E001C06001807003803003001806000E1C0003F0 0012127F9115>II<03C1000C3300180B00300F00700700700700E00700E00700 E00700E00700E00700E00700600700700700300F00180F000C370007C700000700000700000700 000700000700000700000700003FE0131A7E9116>II<1F9030704030C010C010E010F8 007F803FE00FF000F880388018C018C018E010D0608FC00D127F9110>I<04000400040004000C 000C001C003C00FFE01C001C001C001C001C001C001C001C001C001C101C101C101C101C100C10 0E2003C00C1A7F9910>IIII<7F8FF00F03800F030007020003840001C80001D80000 F00000700000780000F800009C00010E00020E000607000403801E07C0FF0FF81512809116>I< FF07E03C03801C01001C01000E02000E020007040007040007040003880003880003D80001D000 01D00000E00000E00000E000004000004000008000008000F08000F10000F300006600003C0000 131A7F9116>I<7FFC70386038407040F040E041C003C0038007000F040E041C043C0C38087008 7038FFF80E127F9112>III E /Fj 29 118 df<000E00001E00007E0007FE00FFFE00FFFE00F8FE0000FE0000FE0000FE0000 FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000 FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE007F FFFE7FFFFE7FFFFE17277BA622>49 D<00FF800003FFF0000FFFFC001F03FE003800FF007C007F 80FE003FC0FF003FC0FF003FE0FF001FE0FF001FE07E001FE03C003FE000003FE000003FC00000 3FC000007F8000007F000000FE000000FC000001F8000003F0000003E00000078000000F000000 1E0000003C00E0007000E000E000E001C001C0038001C0070001C00FFFFFC01FFFFFC03FFFFFC0 7FFFFFC0FFFFFF80FFFFFF80FFFFFF801B277DA622>I<007F800003FFF00007FFFC000F81FE00 1F00FF003F80FF003F807F803F807F803F807F801F807F800F007F800000FF000000FF000000FE 000001FC000001F8000007F00000FFC00000FFF0000001FC0000007E0000007F0000007F800000 3FC000003FC000003FE000003FE03C003FE07E003FE0FF003FE0FF003FE0FF003FC0FF007FC07E 007F807C007F003F01FE001FFFFC0007FFF00000FF80001B277DA622>I<00000E0000001E0000 003E0000007E000000FE000000FE000001FE000003FE0000077E00000E7E00000E7E00001C7E00 00387E0000707E0000E07E0000E07E0001C07E0003807E0007007E000E007E000E007E001C007E 0038007E0070007E00E0007E00FFFFFFF8FFFFFFF8FFFFFFF80000FE000000FE000000FE000000 FE000000FE000000FE000000FE000000FE00007FFFF8007FFFF8007FFFF81D277EA622>I<0C00 03000F803F000FFFFE000FFFFC000FFFF8000FFFF0000FFFE0000FFFC0000FFE00000E0000000E 0000000E0000000E0000000E0000000E0000000E7FC0000FFFF8000F80FC000E003E000C003F00 00001F8000001FC000001FC000001FE000001FE018001FE07C001FE0FE001FE0FE001FE0FE001F E0FE001FC0FC001FC078003F8078003F803C007F001F01FE000FFFF80003FFF00000FF80001B27 7DA622>I<000003800000000007C00000000007C0000000000FE0000000000FE0000000000FE0 000000001FF0000000001FF0000000003FF8000000003FF8000000003FF80000000073FC000000 0073FC00000000F3FE00000000E1FE00000000E1FE00000001C0FF00000001C0FF00000003C0FF 80000003807F80000007807FC0000007003FC0000007003FC000000E003FE000000E001FE00000 1E001FF000001C000FF000001FFFFFF000003FFFFFF800003FFFFFF80000780007FC0000700003 FC0000700003FC0000E00001FE0000E00001FE0001E00001FF0001C00000FF0001C00000FF00FF FE001FFFFEFFFE001FFFFEFFFE001FFFFE2F297EA834>65 D<00003FF001800003FFFE0380000F FFFF8780003FF007DF8000FF8001FF8001FE00007F8003FC00003F8007F000001F800FF000000F 801FE0000007801FE0000007803FC0000007803FC0000003807FC0000003807F80000003807F80 00000000FF8000000000FF8000000000FF8000000000FF8000000000FF8000000000FF80000000 00FF8000000000FF8000000000FF80000000007F80000000007F80000000007FC0000003803FC0 000003803FC0000003801FE0000003801FE0000007000FF00000070007F000000E0003FC00001E 0001FE00003C0000FF8000F800003FF007E000000FFFFFC0000003FFFF000000003FF800002929 7CA832>67 D73 D77 D<0000FFE000000007FFFC0000003FC07F8000007F001FC00001FC0007F00003F80003 F80007F00001FC000FF00001FE001FE00000FF001FE00000FF003FC000007F803FC000007F807F C000007FC07F8000003FC07F8000003FC07F8000003FC0FF8000003FE0FF8000003FE0FF800000 3FE0FF8000003FE0FF8000003FE0FF8000003FE0FF8000003FE0FF8000003FE0FF8000003FE0FF 8000003FE07F8000003FC07FC000007FC07FC000007FC03FC000007F803FC000007F801FE00000 FF001FE00000FF000FF00001FE0007F00001FC0003F80003F80001FC0007F00000FF001FE00000 3FC07F8000000FFFFE00000000FFE000002B297CA834>79 DI82 D<007F806003FFF0E007FFF9E00F807FE0 1F001FE03E0007E07C0003E07C0001E0FC0001E0FC0001E0FC0000E0FE0000E0FE0000E0FF0000 00FFC000007FFE00007FFFE0003FFFFC001FFFFE000FFFFF8007FFFFC003FFFFE000FFFFE00007 FFF000007FF000000FF8000007F8000003F8600001F8E00001F8E00001F8E00001F8F00001F0F0 0001F0F80003F0FC0003E0FF0007C0FFE01F80F3FFFF00E0FFFE00C01FF0001D297CA826>I<01 FF800007FFF0000F81F8001FC07E001FC07E001FC03F000F803F8007003F8000003F8000003F80 00003F80000FFF8000FFFF8007FC3F800FE03F803F803F803F003F807F003F80FE003F80FE003F 80FE003F80FE003F807E007F807F00DF803F839FFC0FFF0FFC01FC03FC1E1B7E9A21>97 D<001FF80000FFFE0003F01F0007E03F800FC03F801F803F803F801F007F800E007F0000007F00 0000FF000000FF000000FF000000FF000000FF000000FF000000FF0000007F0000007F0000007F 8000003F8001C01F8001C00FC0038007E0070003F01E0000FFFC00001FE0001A1B7E9A1F>99 D<00003FF80000003FF80000003FF800000003F800000003F800000003F800000003F800000003 F800000003F800000003F800000003F800000003F800000003F800000003F800000003F800001F E3F80000FFFBF80003F03FF80007E00FF8000FC007F8001F8003F8003F8003F8007F0003F8007F 0003F8007F0003F800FF0003F800FF0003F800FF0003F800FF0003F800FF0003F800FF0003F800 FF0003F8007F0003F8007F0003F8007F0003F8003F8003F8001F8003F8000F8007F80007C00FF8 0003F03BFF8000FFF3FF80003FC3FF80212A7EA926>I<003FE00001FFF80003F07E0007C01F00 0F801F801F800F803F800FC07F000FC07F0007C07F0007E0FF0007E0FF0007E0FFFFFFE0FFFFFF E0FF000000FF000000FF0000007F0000007F0000007F0000003F8000E01F8000E00FC001C007E0 038003F81F0000FFFE00001FF0001B1B7E9A20>I<0007F0003FFC00FE3E01F87F03F87F03F07F 07F07F07F03E07F00007F00007F00007F00007F00007F00007F000FFFFC0FFFFC0FFFFC007F000 07F00007F00007F00007F00007F00007F00007F00007F00007F00007F00007F00007F00007F000 07F00007F00007F00007F00007F00007F00007F0007FFF807FFF807FFF80182A7EA915>I<00FF 81F003FFE7F80FC1FE7C1F80FC7C1F007C383F007E107F007F007F007F007F007F007F007F007F 007F007F007F003F007E001F007C001F80FC000FC1F8001FFFE00018FF80003800000038000000 3C0000003E0000003FFFF8001FFFFF001FFFFF800FFFFFC007FFFFE01FFFFFF03E0007F07C0001 F8F80000F8F80000F8F80000F8F80000F87C0001F03C0001E01F0007C00FC01F8003FFFE00007F F0001E287E9A22>I<07000F801FC03FE03FE03FE01FC00F800700000000000000000000000000 0000FFE0FFE0FFE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00F E00FE00FE00FE00FE00FE0FFFEFFFEFFFE0F2B7DAA14>105 D 108 D110 D<003FE00001FFFC0003 F07E000FC01F801F800FC03F800FE03F0007E07F0007F07F0007F07F0007F0FF0007F8FF0007F8 FF0007F8FF0007F8FF0007F8FF0007F8FF0007F8FF0007F87F0007F07F0007F03F800FE03F800F E01F800FC00FC01F8007F07F0001FFFC00003FE0001D1B7E9A22>II<001FC038 0000FFF0780003F838F80007E00DF8000FC007F8001FC007F8003F8003F8007F8003F8007F8003 F8007F0003F800FF0003F800FF0003F800FF0003F800FF0003F800FF0003F800FF0003F800FF00 03F8007F0003F8007F0003F8007F8003F8003F8003F8001F8007F8000FC007F80007E01FF80003 F07BF80000FFF3F800003FC3F800000003F800000003F800000003F800000003F800000003F800 000003F800000003F800000003F800000003F80000003FFF8000003FFF8000003FFF8021277E9A 24>II<03FE300FFFF01E03F03800F0700070F00070F00070F80070FC00 00FFE0007FFE007FFF803FFFE01FFFF007FFF800FFF80003FC0000FC60007CE0003CF0003CF000 38F80038FC0070FF01E0F7FFC0C1FF00161B7E9A1B>I<00700000700000700000700000F00000 F00000F00001F00003F00003F00007F0001FFFF0FFFFF0FFFFF007F00007F00007F00007F00007 F00007F00007F00007F00007F00007F00007F00007F00007F00007F03807F03807F03807F03807 F03807F03803F03803F87001F86000FFC0001F8015267FA51B>II E /Fk 4 81 df<03C60FFE1C3E181E381E700E700E600EE000E0 00E000E000E000E000E000600E700E700E380C181C1C380FF003C00F177E9614>67 D73 D77 D80 D E /Fl 29 122 df<00FC7C0183C607078E0607040E07000E07000E07000E07000E07000E0700FF FFF00E07000E07000E07000E07000E07000E07000E07000E07000E07000E07000E07000E07000E 07000E07007F0FF0171A809916>11 D<60F0F07010101020204080040B7D830B>44 DI<60F0F06004047D830B>I<000C0000000C0000000C0000001E000000 1E0000003F000000270000002700000043800000438000004380000081C0000081C0000081C000 0100E0000100E00001FFE000020070000200700006007800040038000400380008001C0008001C 001C001E00FF00FFC01A1A7F991D>65 D<7FFFFF00701C0700401C0100401C0100C01C0180801C 0080801C0080801C0080001C0000001C0000001C0000001C0000001C0000001C0000001C000000 1C0000001C0000001C0000001C0000001C0000001C0000001C0000001C0000001C0000001C0000 03FFE000191A7F991C>84 D<3F8070C070E020700070007007F01C7030707070E070E071E071E0 F171FB1E3C10107E8F13>97 DI<07F80C1C381C30087000E000E000E000E000E0 00E0007000300438080C1807E00E107F8F11>I<007E00000E00000E00000E00000E00000E0000 0E00000E00000E00000E0003CE000C3E00380E00300E00700E00E00E00E00E00E00E00E00E00E0 0E00E00E00600E00700E00381E001C2E0007CFC0121A7F9915>I<07C01C3030187018600CE00C FFFCE000E000E000E0006000300438080C1807E00E107F8F11>I<01F0031807380E100E000E00 0E000E000E000E00FFC00E000E000E000E000E000E000E000E000E000E000E000E000E000E007F E00D1A80990C>I<0FCE187330307038703870387038303018602FC02000600070003FF03FFC1F FE600FC003C003C003C0036006381C07E010187F8F13>II<18003C003C001800 000000000000000000000000FC001C001C001C001C001C001C001C001C001C001C001C001C001C 001C00FF80091A80990A>I107 DIII<07E01C38300C700E6006E007E007E007E007E007E0076006700E381C 1C3807E010107F8F13>II114 D<1F2060E04020C020C020F0007F003FC01FE000F080708030C030C020 F0408F800C107F8F0F>I<0400040004000C000C001C003C00FFC01C001C001C001C001C001C00 1C001C001C201C201C201C201C200E4003800B177F960F>IIIIII E /Fm 7 117 df<00030000000780000007800000078000000FC000000FC000001BE000001BE000001BE00000 31F0000031F0000060F8000060F80000E0FC0000C07C0000C07C0001803E0001FFFE0003FFFF00 03001F0003001F0006000F8006000F800E000FC0FFC07FFCFFC07FFC1E1A7F9921>65 D<0FF0001C3C003E1E003E0E003E0F001C0F00000F0000FF000FCF003E0F007C0F00F80F00F80F 00F80F00F817007C27E01FC3E013117F9015>97 DI<03FC000F0E001C1F003C1F 00781F00780E00F80000F80000F80000F80000F800007800007800003C01801C03000F060003FC 0011117F9014>I114 D<1FB020704030C030C030F000FF807FE03FF807F8003CC00CC00CE0 0CE008F830CFE00E117F9011>I<06000600060006000E000E001E003FF0FFF01E001E001E001E 001E001E001E001E001E181E181E181E181E180F3003E00D187F9711>I E /Fn 1 4 df<020002000200C218F2783AE00F800F803AE0F278C2180200020002000D0E7E8E 12>3 D E /Fo 20 119 df<70F8FCFC7404040404080810102040060F7C840E>44 D<70F8F8F87005057C840E>46 D<008003800F80F3800380038003800380038003800380038003 8003800380038003800380038003800380038003800380038003800380038003800380038007C0 FFFE0F217CA018>49 D<03F0000C1C001007002007804003C04003C08003E0F003E0F801E0F801 E0F801E02003E00003E00003C00003C0000780000700000E00001C0000180000300000600000C0 000180000100000200200400200800201800603000403FFFC07FFFC0FFFFC013217EA018>I<03 F8000C1E001007002007804007C07807C07803C07807C03807C0000780000780000700000F0000 0E0000380003F000001C00000F000007800007800003C00003C00003E02003E07003E0F803E0F8 03E0F003C04003C0400780200780100F000C1C0003F00013227EA018>I<01F000060C000C0600 180700380380700380700380F001C0F001C0F001C0F001E0F001E0F001E0F001E0F001E07001E0 7003E03803E01805E00C05E00619E003E1E00001C00001C00001C0000380000380300300780700 780600700C002018001030000FC00013227EA018>57 D<0001800000018000000180000003C000 0003C0000003C0000005E0000005E000000DF0000008F0000008F0000010F80000107800001078 0000203C0000203C0000203C0000401E0000401E0000401E0000800F0000800F0000FFFF000100 078001000780030007C0020003C0020003C0040003E0040001E0040001E00C0000F00C0000F03E 0001F8FF800FFF20237EA225>65 DI77 D<03F0200C0C601802603001E07000E0 600060E00060E00060E00020E00020E00020F00000F000007800007F00003FF0001FFE000FFF00 03FF80003FC00007E00001E00000F00000F0000070800070800070800070800070C00060C00060 E000C0F000C0C80180C6070081FC0014247DA21B>83 D<01FC000707000C03801C01C03801C078 01E07000E0F000E0FFFFE0F00000F00000F00000F00000F000007000007800203800201C00400E 008007030000FC0013157F9416>101 D<00007001F198071E180E0E181C07001C07003C07803C 07803C07803C07801C07001C07000E0E000F1C0019F0001000001000001800001800001FFE000F FFC00FFFE03800F0600030400018C00018C00018C000186000306000303800E00E038003FE0015 217F9518>103 D<1C003E003E003E001C00000000000000000000000000000000000E00FE001E 000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E00FFC00A22 7FA10E>105 D<0E00FE001E000E000E000E000E000E000E000E000E000E000E000E000E000E00 0E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E00FFE00B 237FA20E>108 D<0E1F80FE60C01E80E00F00700F00700E00700E00700E00700E00700E00700E 00700E00700E00700E00700E00700E00700E00700E00700E00700E0070FFE7FF18157F941B> 110 D<01FC000707000C01801800C03800E0700070700070F00078F00078F00078F00078F00078 F00078F000787000707800F03800E01C01C00E038007070001FC0015157F9418>I<0F88307860 18C018C008C008E008F0007F803FE00FF001F8003C801C800C800CC00CC008E018D0308FC00E15 7E9413>115 D<02000200020002000600060006000E001E003E00FFF80E000E000E000E000E00 0E000E000E000E000E000E000E040E040E040E040E040E040708030801F00E1F7F9E13>I<0E00 70FE07F01E00F00E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E00 700E00700E00700E00F00E00F006017003827800FC7F18157F941B>II E /Fp 14 118 df70 D73 D80 D<00FE00000303C0000C00E000 10007000100038003C003C003E001C003E001E003E001E0008001E0000001E0000001E0000001E 00000FFE0000FC1E0003E01E000F801E001F001E003E001E003C001E007C001E00F8001E04F800 1E04F8001E04F8003E04F8003E0478003E047C005E043E008F080F0307F003FC03E01E1F7D9E21 >97 D<003F8000E0600380180700040F00041E001E1C003E3C003E7C003E7C0008780000F80000 F80000F80000F80000F80000F80000F80000F80000F800007800007C00007C00003C00011E0001 1E00020F000207000403801800E060003F80181F7D9E1D>99 D<000001E000003FE000003FE000 0003E0000001E0000001E0000001E0000001E0000001E0000001E0000001E0000001E0000001E0 000001E0000001E0000001E0000001E0000001E0000001E0001F81E000F061E001C019E0078005 E00F0003E00E0003E01E0001E03C0001E03C0001E07C0001E0780001E0F80001E0F80001E0F800 01E0F80001E0F80001E0F80001E0F80001E0F80001E0F80001E0780001E0780001E03C0001E03C 0001E01C0001E01E0003E00E0005E0070009E0038011F000E061FF003F81FF20327DB125>I<00 3F800000E0E0000380380007003C000E001E001E001E001C000F003C000F007C000F0078000F80 78000780F8000780F8000780FFFFFF80F8000000F8000000F8000000F8000000F8000000F80000 00780000007C0000003C0000003C0000801E0000800E0001000F0002000780020001C00C0000F0 3000001FC000191F7E9E1D>I<07800000FF800000FF8000000F80000007800000078000000780 000007800000078000000780000007800000078000000780000007800000078000000780000007 800000078000000780000007801FFC07801FFC078007E007800780078006000780040007800800 078010000780600007808000078100000783800007878000078FC0000793C00007A1E00007C1F0 000780F0000780780007807C0007803C0007803E0007801F0007800F0007800F80078007C00780 03C0078003E00FC007F8FFFC0FFFFFFC0FFF20327EB123>107 D<0780FE0000FF83078000FF8C 03C0000F9001E00007A001E00007A000F00007C000F00007C000F000078000F000078000F00007 8000F000078000F000078000F000078000F000078000F000078000F000078000F000078000F000 078000F000078000F000078000F000078000F000078000F000078000F000078000F000078000F0 00078000F000078000F0000FC001F800FFFC1FFF80FFFC1FFF80211F7E9E25>110 D<001FC00000F0780001C01C00070007000F0007801E0003C01C0001C03C0001E03C0001E07800 00F0780000F0780000F0F80000F8F80000F8F80000F8F80000F8F80000F8F80000F8F80000F8F8 0000F8780000F07C0001F03C0001E03C0001E01E0003C01E0003C00F00078007800F0001C01C00 00F07800001FC0001D1F7E9E21>I<0783E0FF8C18FF907C0F907C07A07C07C03807C00007C000 07C000078000078000078000078000078000078000078000078000078000078000078000078000 0780000780000780000780000780000780000780000FC000FFFE00FFFE00161F7E9E19>114 D<01FC100E03301800F0300070600030E00030E00010E00010E00010F00010F800007E00003FF0 001FFF000FFFC003FFE0003FF00001F80000F880003C80003C80001CC0001CC0001CE0001CE000 18F00038F00030CC0060C301C080FE00161F7E9E1A>I<00400000400000400000400000400000 C00000C00000C00001C00001C00003C00007C0000FC0001FFFE0FFFFE003C00003C00003C00003 C00003C00003C00003C00003C00003C00003C00003C00003C00003C00003C00003C00003C00003 C01003C01003C01003C01003C01003C01003C01003C01001C02001E02000E0400078C0001F0014 2C7FAB19>I<078000F000FF801FF000FF801FF0000F8001F000078000F000078000F000078000 F000078000F000078000F000078000F000078000F000078000F000078000F000078000F0000780 00F000078000F000078000F000078000F000078000F000078000F000078000F000078000F00007 8000F000078001F000078001F000078001F000038002F00003C004F00001C008F800007030FF80 001FC0FF80211F7E9E25>I E end %%EndProlog %%BeginSetup %%Feature: *Resolution 300dpi TeXDict begin %%EndSetup %%Page: 1 1 0 bop 549 219 a Fp(P)n(ac)n(k)n(ets)22 b(F)-6 b(ound)21 b(on)g(an)h(In)n (ternet)773 340 y Fo(Stev)o(en)15 b(M.)g(Bello)o(vin)1179 322 y Fn(\003)802 437 y Fo(August)i(23,)f(1993)890 607 y Fm(Abstract)199 661 y Fl(As)10 b(part)g(of)f(our)i(securit)o(y)g(measures,)g(w)o(e)e(sp)q (end)i(a)f(fair)g(amoun)o(t)h(of)f(time)g(and)h(e\013ort)f(lo)q(oking)i(for)e (things)h(that)141 707 y(migh)o(t)k(otherwise)h(b)q(e)e(ignored.)23 b(Apart)14 b(from)g(assorted)h(attempted)g(p)q(enetrations,)i(w)o(e)d(ha)o(v) o(e)g(also)i(disco)o(v)o(ered)141 752 y(man)o(y)11 b(examples)g(of)f (anomalous)i(b)q(eha)o(vior.)18 b(These)10 b(range)h(from)f(excessiv)o(e)i Fk(ICMP)c Fl(messages)j(to)f(nominally-l)q(o)q(cal)141 798 y(broadcast)k(pac)o(k)o(ets)g(that)f(ha)o(v)o(e)h(reac)o(hed)g(us)f(from)g (around)h(the)f(w)o(orld.)37 952 y Fj(1)70 b(In)n(tro)r(duction)37 1043 y Fi(F)m(or)12 b(securit)o(y)h(reasons,)f(A)m(T&T's)g(connection)g(to)g (the)g(In)o(ternet)h(is)f(via)f(a)g(pair)h(of)f(application)f(gatew)o(a)o (ys[Che90)o(].)17 b(T)m(o)37 1093 y(main)o(tain)12 b(the)j(securit)o(y)h(of)e (the)h(gatew)o(a)o(ys,)f(w)o(e)h(monitor)d(them)i(for)g(attempted)g(in)o (trusions[Che92].)19 b(Recen)o(tly)m(,)14 b(w)o(e)37 1143 y(ha)o(v)o(e)h (also)f(started)i(lo)q(oking)d(for)h(more)g(in)o(v)o(en)o(tiv)o(e)g(p)q (enetration)h(attempts[Bel92b)o(].)20 b(W)m(e)14 b(ha)o(v)o(e)g(indeed)i (found)e(suc)o(h)37 1192 y(b)q(eha)o(vior.)k(While)13 b(lo)q(oking,)f (though,)h(w)o(e)h(noticed)h(a)e(surprising)h(amoun)o(t)e(of)i(other)g (anomalous)e(b)q(eha)o(vior,)h(pac)o(k)o(ets)37 1242 y(that)h(do)g(not)g(app) q(ear)g(to)g(indicate)g(an)f(attempted)h(break-in,)f(but)h(are)h(w)o(orth)o (y)e(of)h(atten)o(tion)f(nev)o(ertheless.)100 1292 y(W)m(e)18 b(are)h(curren)o(tly)h(running)f(three)h(t)o(yp)q(es)g(of)e(broad-sp)q (ectrum)h(monitors.)31 b(First,)20 b(a)f(w)o(orkstation)f(with)h(an)37 1342 y(Ethernet)14 b(con)o(troller)d(in)g(\\promiscuous)f(mo)q(de")g(lo)q (oks)h(for)g(pac)o(k)o(ets)h(not)f(destined)h(for)f(an)o(y)g(legal)f(mac)o (hine.)16 b(Second,)37 1392 y(w)o(e)f(run)g(\\pac)o(k)o(et)f(suc)o(k)o(ers")i (on)e(a)h(v)n(ariet)o(y)e(of)h(p)q(oten)o(tially-in)o(teresting)g(p)q(orts.) 20 b(Third,)14 b(w)o(e)h(ha)o(v)o(e)f(recen)o(tly)i(deplo)o(y)o(ed)37 1441 y(an)c Fh(ICMP)p Fi([P)o(os81)n(])f(monitor;)f(it)i(logs)e(most)h Fh(ICMP)g Fi(messages)g(receiv)o(ed)i(b)o(y)f(the)g(mac)o(hine.)k(Eac)o(h)c (of)f(these)i(has)e(detected)37 1491 y(o)q(dd)j(b)q(eha)o(vior.)j(Curren)o (tly)m(,)c(w)o(e)h(cannot)f(detect)i(attempts)e(to)g(connect)h(to)g(random)d Fh(TCP)i Fi(or)g Fh(UDP)g Fi(p)q(orts,)g(though)g(w)o(e)37 1541 y(are)i(con)o(templating)d(adding)h(that)h(abilit)o(y)m(.)37 1677 y Fj(2)70 b(Address)23 b(Space)g(Oddities)37 1767 y Fi(Our)14 b(setup)g(for)f(monitoring)e(address)j(space)g(prob)q(es)h(is)e(fairly)e(a)o (wkw)o(ard.)18 b(The)13 b(monitoring)e(mac)o(hine)g(is)j(lo)q(cated)f(in)37 1817 y(a)g(part)f(of)g(the)h(Murra)o(y)g(Hill)e(complex)g(far)h(remo)o(v)o (ed)g(from)f(the)i(liv)o(e)e(In)o(ternet)j(cable.)k(Accordingly)m(,)12 b(the)h(link)e(w)o(e)i(are)37 1867 y(using)f(includes)g(a)f(bridge,)g(whic)o (h)h(\014lters)g(out)f(some)g(pac)o(k)o(ets.)18 b(\(This)12 b(ma)o(y)d(b)q(e)j(just)g(as)g(w)o(ell,)e(as)i(it)f(reduces)j(the)e(load.\)) 37 1917 y(F)m(urthermore,)g(since)i(the)e(monitor)f(is)h(not)g(armored)f(the) i(w)o(a)o(y)f Fh(research.att.com)d Fi(is,)j(w)o(e)g(cannot)h(allo)o(w)d(it)i (to)g(talk)37 1967 y(to)17 b(the)h(In)o(ternet.)28 b(Accordingly)m(,)17 b(w)o(e)g(had)f(a)h(wire)g(cutter)h(in)o(tro)q(duce)g(itself)e(to)h(the)h (transmit)d(leads)i(on)g(the)g(drop)37 2017 y(cable.)h(But)c(this)f(created)h (a)f(problem)e(for)i(ARP)f(en)o(tries[Plu82]:)17 b(the)d(router)f(will)f(not) h(transmit)e(the)j(pac)o(k)o(ets)f(un)o(til)37 2066 y(it)j(has)f(a)g(v)n (alid)f(Ethernet)452 2051 y Fg(1)488 2066 y Fi(address,)j(and)e(the)h (monitoring)d(mac)o(hine)i(is)g(to)q(o)g(crippled)h(to)f(supply)h(one.)23 b(The)16 b(next)37 2116 y(ob)o(vious)f(c)o(hoice)h(is)f(to)g(ha)o(v)o(e)g Fh(research.att.com)d Fi(answ)o(er;)17 b(unfortunately)m(,)d(it)h(has)h(no)f (\\ra)o(w")f(driv)o(er)i(that)f(w)o(ould)37 2166 y(let)j(an)f(application)f (program)g(\014eld)i(ARP)f(requests.)31 b(W)m(e)17 b(resorted)i(to)e(p)q (opulating)g(its)g(k)o(ernel's)h(tables)g(as)f(b)q(est)37 2216 y(w)o(e)d(could;)f(unfortunately)m(,)g(these)i(tables)f(are)g(not)f(large)h (enough)f(to)h(p)q(ermit)e(complete)h(co)o(v)o(erage.)19 b(Our)14 b(selections,)37 2266 y(though)i(adequate)h(to)f(detect)i(securit)o(y)f (inciden)o(ts,)f(will)f(lik)o(ely)g(miss)g(attempts)g(to)h(reac)o(h)h(random) e(addresses.)26 b(In)37 2315 y(the)15 b(future,)f(w)o(e)g(hop)q(e)g(to)g(use) h(a)e(Plan)h(9)g(mac)o(hine[PPTT90)n(])f(to)h(act)g(as)g(our)g(ARP)g(agen)o (t.)p 37 2348 750 2 v 83 2375 a Ff(\003)101 2387 y Fe(A)m(T&T)g(Bell)d(Lab)q (oratories.)h Fd(smb@ulysse)o(s.a)o(tt.)o(com)84 2414 y Fc(1)101 2426 y Fe(Ethernet)e(is)h(a)g(registered)e(trademark)g(of)i(Xero)o(x)g(Corp)q (oration.)p 675 2554 600 1 v 164 2654 a Fi(Reprin)o(ted)k(from)d Fb(Computer)i(Communic)n(ations)i(R)n(eview)p Fi(,)d(July)g(1993,)g(V)m(ol.)f (23,)h(No.)g(3,)g(pp.)18 b(26{31.)965 2828 y(1)p eop %%Page: 2 2 1 bop 37 45 a Fa(2.1)56 b(Anomalous)18 b(Broadcasts)37 123 y Fi(None)k(of)e(this)g(w)o(as)h(necessary)i(to)d(detect)j(the)e(strangest)h (pac)o(k)o(ets)f(w)o(e)g(ha)o(v)o(e)g(seen:)33 b(those)21 b(addressed)i(to)d (host)37 173 y Fh(255.255.255.255)p Fi(,)12 b(the)k(IP)g(broadcast)g (address.)23 b(That)15 b(in)g(itself)g(w)o(ould)f(b)q(e)i(quite)g(ordinary)m (,)e(w)o(ere)i(they)g(lo)q(cally)37 223 y(generated.)k(They)13 b(w)o(ere)h(not.)k(On)c(at)f(least)g(three)i(o)q(ccasions,)e(w)o(e)h(ha)o(v)o (e)f(receiv)o(ed)h(broadcast)g(name)e(serv)o(er)j(pac)o(k)o(ets)37 273 y(from)10 b(other)j(companies;)d(more)h(recen)o(tly)m(,)h(w)o(e)g(receiv) o(ed)h(a)e(series)i(of)e(broadcasts)i(in)o(tended)f(for)f(an)h(lo)q(cal)e (application.)37 323 y(The)16 b(\014rst)g(instance)g(w)o(as)f(from)e(another) j(compan)o(y)e(connected)j(to)e(the)g(same)g(regional)f(net)o(w)o(ork)h(as)g (our)h(gatew)o(a)o(y;)37 372 y(the)f(other)f(three)i(in)o(v)o(olv)o(ed)c(tra) o(v)o(ersals)j(of)e(the)h(NSFnet)h(bac)o(kb)q(one)g(on)e(the)i(w)o(a)o(y)e (to)h(us.)100 423 y(W)m(e)g(cannot)i(explain)e(wh)o(y)h(suc)o(h)h(pac)o(k)o (ets)f(w)o(ould)g(reac)o(h)h(us.)22 b(If)14 b(router)i(bugs)f(p)q(ermit)g (suc)o(h)g(things)g(to)g(happ)q(en,)37 473 y(w)o(e)i(should)e(see)i(more)e (broadcast)i(pac)o(k)o(ets,)f(and)g(for)f(a)h(wider)g(range)g(of)f(p)q(orts.) 25 b(But)16 b(all)f(four)g(inciden)o(ts)i(in)o(v)o(olv)o(ed)37 523 y(sev)o(eral)d(pac)o(k)o(ets,)f(o)o(v)o(er)g(a)f(p)q(erio)q(d)h(ranging)f (from)f(min)o(utes)h(to)g(hours.)18 b(In)13 b(one)g(case)h(where)f(w)o(e)g(w) o(ere)h(able)e(to)h(con)o(tact)37 572 y(the)h(site's)f(administrator,)e(w)o (e)j(w)o(ere)g(told)e(that)h(their)g(primary)f(name)g(serv)o(er)i(had)f (crashed)h(ab)q(out)f(the)h(time)d(of)i(the)37 622 y(\014rst)h(burst)g(from)d (their)j(site.)k(No)13 b(theories)h(w)o(ere)g(prop)q(ounded)f(to)g(explain)g (another)g(broadcast)h(pac)o(k)o(et)f(from)e(them)37 672 y(sev)o(eral)k (hours)f(later.)100 723 y(Some)e(commercial)g(routers)j(can)f(b)q(e)g (con\014gured)h(to)e(forw)o(ard)h(suc)o(h)g(pac)o(k)o(ets,)h(if)e(destined)h (for)g(the)g(name)f(serv)o(er)37 773 y(or)g(selected)h(other)e(services.)20 b(But)12 b(the)h(paths)g(follo)o(w)o(ed,)d(in)i(at)g(least)g(t)o(w)o(o)g(of)f (the)i(cases,)h(w)o(ould)d(ha)o(v)o(e)h(in)o(v)o(olv)o(ed)f(other)37 822 y(t)o(yp)q(es)k(of)f(routers.)19 b(Other)c(suggested)g(causes)g(include)f (to)q(o)g(m)o(uc)o(h)f(blind)g(reliance)h(on)g(default)f(routes.)100 873 y(W)m(e)j(are)i(con)o(tin)o(uing)e(to)g(monitor)f(our)i(net)o(w)o(ork)g (for)g(suc)o(h)h(pac)o(k)o(ets.)28 b(Our)17 b(timestamps)e(are)i(sync)o (hronized)i(to)37 923 y(WWV,)13 b(in)h(case)h(an)o(y)o(one)e(else)i(has)f(an) o(y)f(logs)g(they)i(wish)f(to)f(matc)o(h)g(against)g(ours.)37 1044 y Fa(2.2)56 b(Non-Existen)n(t)17 b(Mac)n(hines)37 1122 y Fi(W)m(e)11 b(also)g(see)i(attempts)d(to)i(connect)g(to)f(o)q(dd)h (addresses)h(on)e(our)g(net)o(w)o(ork.)18 b(Some)10 b(of)g(these)j(are)f(v)o (ery)f(clearly)g(securit)o(y)37 1172 y(ev)o(en)o(ts)19 b(|)f(when)g(the)g (connections)h(requests)h(are)e(only)f(to)h(non-existen)o(t)h(mac)o(hines)d (nev)o(ertheless)21 b(listed)c(in)h(the)37 1221 y(Domain)10 b(Name)g(Serv)o(er)j(\(DNS\))f(database[Mo)q(c87)o(],)g(the)g(w)o(ord)f (\\random")f(do)q(es)i(not)g(apply)m(.)k(Similarly)l(,)9 b(systematic)37 1271 y(attempts)19 b(to)f(prob)q(e)h(the)g(en)o(tire)g(net)o(w)o(ork's)g (address)g(space)h(are)e(lik)o(ely)g(carried)h(out)f(with)g(hostile)g(in)o (ten)o(t.)32 b(But)37 1321 y(discoun)o(ting)15 b(those,)h(w)o(e)f(still)f (see)i(pac)o(k)o(ets)g(w)o(e)f(cannot)g(easily)g(explain,)f(pac)o(k)o(ets)h (destined)h(for)f(random)e(addresses)37 1371 y(of)h(ours.)100 1422 y(In)21 b(at)g(least)g(one)g(case,)j(the)d(cause)h(w)o(as)f(determined)g (to)g(b)q(e)h(rep)q(eated)h(corruption)e(of)f(the)i(sender's)h(DNS)37 1471 y(cac)o(he.)34 b(Someho)o(w,)18 b(a)g(particular)g(mac)o(hine)g(rep)q (eatedly)h(acquired)g(a)g(v)n(ariet)o(y)f(of)g(di\013eren)o(t)h(incorrect)h (addresses)37 1521 y(for)13 b Fh(research.att.com)o Fi(.)i(As)e(of)f(this)g (writing,)g(w)o(e)h(do)f(not)g(kno)o(w)g(where)i(these)g(addresses)h(are)e (coming)d(from.)16 b(The)37 1571 y(frequency)g(of)e(c)o(hange)h(is)f(high)g (enough)g(that)h(w)o(e)g(do)f(not)g(think)g(it)g(is)h(random)d(con)o (tamination)g(from)h(an)h(incorrect)37 1621 y(database;)g(they)g(w)o(ould)e (seem)i(to)f(b)q(e)h(generated)h(lo)q(cally)m(.)h(A)d(bac)o(kup)g(mac)o (hine,)f(running)h(the)h(same)f(hardw)o(are)h(and)37 1671 y(soft)o(w)o(are,)g (has)g(displa)o(y)o(ed)f(the)i(same)e(symptoms.)100 1721 y(W)m(e)g(ha)o(v)o (e)g(also)g(seen)i(n)o(umerous)e Fh(ftp)g Fi(requests)j(for)d(our)h(old)f (gatew)o(a)o(y)g(mac)o(hine,)f(whic)o(h)h(has)h(not)g(existed)g(for)g(at)37 1771 y(least)h(three)g(y)o(ears.)20 b(As)14 b(b)q(est)i(w)o(e)e(can)h(tell,)e (there)j(are)e(old)g(host)g(tables)h(b)q(eing)f(passed)h(around,)f(ev)o(en)g (to)g(new)h(sites.)37 1821 y(Most)e(of)e(these)j(requests)g(ha)o(v)o(e)d (come)h(from)e(non-U.S.)h(sites,)h(where)i(the)e(DNS)g(seems)g(to)g(b)q(e)h (used)f(less.)19 b(Giv)o(en)11 b(that,)37 1871 y(it)16 b(w)o(ould)f(seem)h (to)g(b)q(e)g(w)o(orth)o(while)g(to)f(re-adv)o(ertise)j(the)e(existence)i(of) d(the)i(standard)f Fh(hosts.txt)e Fi(\014le.)24 b(Y)m(es,)17 b(the)37 1921 y(DNS)d(is)g(m)o(uc)o(h)f(b)q(etter,)i(but)f(ev)o(en)g(a)g (static)g(host)g(table)g(is)g(b)q(etter)h(than)f(not)g(b)q(eing)g(able)g(to)f (comm)o(unicate)f(at)i(all.)37 2062 y Fj(3)70 b(Strange)23 b(Application)e(Requests)37 2155 y Fi(Some)13 b(strange)h(b)q(eha)o(vior)f(o) q(ccurs)i(at)e(the)h(application)e(la)o(y)o(er.)17 b(F)m(or)c(example,)f(w)o (e)h(ha)o(v)o(e)g(seen)i(a)e(n)o(um)o(b)q(er)g(of)f(requests)37 2205 y(to)18 b(connect)g(to)f(inexplicable)f(p)q(ort)i(n)o(um)o(b)q(ers.)27 b(W)m(e)17 b(kno)o(w)g(of)f(no)h(standard)h Fh(TCP)e Fi(daemons)g(that)i (listen)f(on)g(p)q(orts)37 2254 y Fh(2)p Fi(,)f Fh(42)p Fi(,)f Fh(70)p Fi(,)g(or)g Fh(525)p Fi(.)22 b(Nor)16 b(are)f(those)i(p)q(orts)f (listed)f(in)g(the)h(latest)g Fb(Assigne)n(d)h(Numb)n(ers)e Fi(RF)o(C[RP90)n(].)22 b(While)15 b(these)37 2304 y(particular)g(requests)h (app)q(eared)f(to)f(part)h(of)f(an)g(apparen)o(t)g(break-in)g(attempt,)g(it)g (is)g(unclear)h(to)f(us)g(wh)o(y)h(attac)o(k)o(ers)37 2354 y(should)f(b)q(other)h(probing)f(un)o(used)h(p)q(orts.)20 b(Conceiv)n(ably)m (,)12 b(these)k(are)e(standard)h(bac)o(k)f(do)q(ors)h(deplo)o(y)o(ed)f(and)g (used)h(b)o(y)37 2404 y(the)f(hac)o(k)o(er)g(comm)o(unit)o(y)c(\(and)j(do)q (cumen)o(ted,)g(no)g(doubt,)g(in)g(their)g(o)o(wn)g(RF)o(Cs)g(|)g (\\Resources)i(F)m(or)d(Crac)o(k)o(ers"\);)i(if)37 2454 y(so,)h(it)f(is)h (esp)q(ecially)g(unfortunate)g(that)g(most)f(systems)g(cannot)h(log)f (attempts)h(to)f(connect)i(to)f(un)o(used)g(p)q(orts.)22 b(W)m(e)37 2503 y(w)o(ere)16 b(luc)o(ky)f(to)g(notice)g(these)i(requests;)g(the)f(attac) o(k)o(er)f(tried)h(to)f(connect)h(to)f Fh(9net.att.com)p Fi(,)d(a)j(Plan)f(9) h(mac)o(hine,)37 2553 y(and)f(its)g(design)g(philosoph)o(y)f(made)g (detection)i(quite)e(easy)m(.)100 2604 y(On)k(a)f(n)o(um)o(b)q(er)f(of)h(o)q (ccasions,)i(w)o(e)e(ha)o(v)o(e)h(seen)g(attempts)f(to)h(connect)h(to)e(our)g (NNTP)h(p)q(ort[KL86].)25 b(Since)17 b(w)o(e)37 2654 y(do)e(not)g(run)g(NNTP) m(,)f(suc)o(h)h(requests)i(are)e(de\014nitely)g(out)f(of)h(line.)20 b(As)15 b(b)q(est)g(w)o(e)g(can)g(tell,)f(the)i(usual)e(motiv)n(ation)e(is)37 2704 y(a)j(desire)g(to)g(read)g(newgroups)g(disallo)o(w)o(ed)e(b)o(y)i(lo)q (cal)e(administrativ)o(e)g(p)q(olicy)m(.)19 b(Other)c(reasons)h(include)f(a)f (desire)i(to)p eop %%Page: 3 3 2 bop 37 45 a Fi(submit)12 b(forged)h(articles,)g(and)f(|)g(in)h(one)g (instance)g(|)f(a)h(purp)q(orted)h(desire)f(to)g(determine)g(whether)h(or)f (not)f(a)h(news)37 95 y(article)i(had)f(b)q(een)h(passed)g(on.)k(Certainly)m (,)13 b(there)i(ma)o(y)e(b)q(e)h(securit)o(y)h(\015a)o(ws)g(in)e(the)i (standard)g(NNTP)f(daemon.)k(W)m(e)37 145 y(ha)o(v)o(e)c(no)g(evidence)h(for) f(or)f(against)h(this)g(prop)q(osition.)100 195 y(On)21 b(sev)o(eral)g(o)q (ccasions,)h(our)f(RPC[Sun90)o(,)f(Sun88])g(monitors)f(ha)o(v)o(e)i(detected) h(attempts)f(to)f(send)i(\\)p Fh(wall)p Fi(")37 244 y(broadcast)14 b(messages)f(to)f(our)h(mac)o(hine.)k(On)c(at)f(least)h(one)g(o)q(ccasion,)g (the)g(request)i(came)d(from)f(a)h(site)i(in)e(German)o(y)m(.)37 294 y(In)o(v)o(estigation)i(of)g(the)i(co)q(de)f(for)g(the)g Fh(rwall)e Fi(command)f(sho)o(w)o(ed)j(that)g(if)f(an)g(en)o(try)i(in)e(the)h Fh(netgroup)e Fi(\014le)i(w)o(as)g(not)37 344 y(a)i(v)n(alid)d(host)j(name,)e (it)h(w)o(as)g(presumed)h(to)f(b)q(e)h(a)f(wild)g(card.)25 b(This)17 b(in)e(turn)i(caused)h(the)f(broadcast)g(message)f(to)37 394 y(b)q(e)g(sen)o(t)g(to)e(ev)o(ery)i(mac)o(hine)e(listed)g(in)h(the)g (host)g(\014le.)21 b(The)16 b(com)o(bination)c(of)i(this)h(prop)q(ert)o(y)h (of)e(the)i(co)q(de,)f(and)g(the)37 444 y(apparen)o(t)g(p)q(ersistence)h(of)e (host)g(tables,)f(can)i(cause)f(a)g(mind-b)q(oggling)c(n)o(um)o(b)q(er)k(of)f (messages)h(to)f(b)q(e)i(sen)o(t.)37 560 y Fa(3.1)56 b(Wild)18 b(and)h(Crazy)g(SNMP)g(Agen)n(ts)37 637 y Fi(The)13 b(most)e(am)o(using)e (application-lev)o(el)h(o)q(ddit)o(y)i(w)o(e)g(ha)o(v)o(e)g(seen)h(w)o(as)f (an)f(SNMP)i(message[CFSD90)n(])f(from)e(a)i(distan)o(t)37 687 y(univ)o(ersit)o(y)m(.)19 b(In)o(v)o(estigation)14 b(sho)o(w)o(ed)g(that) g(this)h(w)o(as)f(a)g(case)h(of)f(an)g(o)o(v)o(erly-helpful)f(net)o(w)o(ork)h (managemen)o(t)e(system.)37 737 y(Apparen)o(tly)m(,)20 b(sev)o(eral)g(suc)o (h)f(systems)h(ha)o(v)o(e)f(automatic)e(or)i(semi-automati)o(c)e(top)q(ology) g(disco)o(v)o(ery)j(mec)o(hanisms.)37 787 y(This)12 b(is)g(useful)g(|)g (creating)g(a)f(net)o(w)o(ork)i(map)d(is)i(hard)g(w)o(ork)f(for)h(an)o(y)f (en)o(tit)o(y)h(large)g(enough)g(to)g(need)g(a)g(managemen)o(t)37 836 y(system)i(|)f(but)h(suc)o(h)g(features)h(need)f(to)g(b)q(e)g(con)o (trolled.)k(In)o(ternet-wide)d(broadcasts)f(are)g(distressing)h(enough;)e (the)37 886 y(though)o(t)h(of)f(implemen)o(ting)e(them)i(b)o(y)h(stepping)g (through)g(the)g(en)o(tire)h(address)g(space)g(is)f(horrifying.)100 936 y(This)h(w)o(as)g(not)g(an)h(isolated)e(inciden)o(t.)23 b(W)m(e)15 b(describ)q(ed)i(what)e(happ)q(ened)i(in)e(the)h(RISKS)f (Digest[Bel92a)o(],)g(and)37 986 y(receiv)o(ed)j(sev)o(eral)f(rep)q(orts)g (of)f(similar)e(inciden)o(ts)i(elsewhere.)27 b(Indeed,)18 b(w)o(e)e(ha)o(v)o (e)g(had)g(runa)o(w)o(a)o(ys)g(b)q(other)h(us)g(since)37 1036 y(then,)e(including)d(once)j(from)d(the)j(con)o(trol)e(cen)o(ter)j(of)d(a)h (regional)f(net)o(w)o(orks.)37 1173 y Fj(4)70 b(ICMP)22 b(P)n(eculiaritie)o (s)37 1265 y Fi(A)17 b(recen)o(t)h(glance)e(at)h(the)g(output)f(of)g(the)h Fh(netstat)e Fi(command)f(sho)o(w)o(ed)j(sev)o(eral)g(p)q(eculiarities.)25 b(W)m(e)17 b(w)o(ere)g(seeing)37 1314 y(non-zero)g(coun)o(ters)g(for)e(\\bad) g(co)q(de)i(\014elds")f(and)f(for)h(\\routing)f(redirects".)25 b(The)16 b(latter)g(w)o(as)f(esp)q(ecially)h(strange,)37 1364 y(since)f(w)o(e)e(ha)o(v)o(e)h(only)e(one)i(router)h(on)e(that)g(net)o(w)o (ork.)18 b(Giv)o(en)13 b(the)h(o)q(ddities,)f(and)h(giv)o(en)f(the)h (theoretical)g(p)q(ossibilit)o(y)37 1414 y(of)d(an)g(attac)o(k)h(via)e Fh(ICMP)21 b(Redirect)p Fi([Bel89)n(])11 b(messages,)h(w)o(e)f(wrote)h(a)f (monitor)f(to)h(log)f(all)h Fh(ICMP)f Fi(messages.)17 b(As)12 b(usual,)37 1464 y(w)o(e)j(sa)o(w)e(more)g(than)h(w)o(e)g(w)o(ere)h(lo)q (oking)d(for.)100 1514 y(The)e Fh(Redirect)e Fi(messages)i(w)o(ere)g(a)g(bit) f(elusiv)o(e;)i(they)f(only)f(seemed)h(to)f(come)g(from)f(certain)i(sites.)18 b(W)m(e)9 b(ev)o(en)o(tually)37 1564 y(trapp)q(ed)18 b(a)d(burst)i(of)f (them.)24 b(Apparen)o(tly)m(,)16 b(a)g(dial-up)f(IP)h(serv)o(er)i(of)e(some)f (sort)i(will)d(emit)h(them,)h(p)q(ossibly)g(if)f(the)37 1613 y(remote)f(end)g(is)f(not)h(a)o(v)n(ailable.)i(The)e(messages)g(said,)e(in)i (e\013ect,)h(\\to)e(reac)o(h)h(host)g Fh(X)p Fi(,)f(use)i Fh(X)e Fi(as)h(the)g(gatew)o(a)o(y".)j(Suc)o(h)37 1663 y(a)h(message)g(is)g(clearly) g(erroneous)h(ev)o(en)g(if)e Fh(Redirect)p Fi(s)g(w)o(ere)i(legal)e(when)h (sen)o(t)h(from)e(other)h(than)g(the)h(\014rst-hop)37 1713 y(router.)g(Not)11 b(only)g(that,)h(the)g(connection)h(information)c (returned)k(w)o(as)f(erroneous,)h(with)e(constan)o(t)h(\(and)g(incorrect\))37 1763 y(v)n(alues)i(giv)o(en)g(for)g(the)g(lo)q(cal)f(and)h(remote)g(p)q(ort)g (n)o(um)o(b)q(ers,)g(and)g(ev)o(en)g(the)h(remote)f(host)g(n)o(um)o(b)q(er,)f (i.e.,)g(the)h(v)n(alue)g Fh(X)37 1813 y Fi(referred)k(to)e(ab)q(o)o(v)o(e.) 23 b(A)o(ttempts)15 b(to)h(trace)h(the)f(route)g(sho)o(w)o(ed)g(that)g(the)g (serv)o(er)i(w)o(as)d(indeed)i(confused;)g(a)e(routing)37 1862 y(lo)q(op)f(app)q(eared)g(as)g(w)o(ell,)f(though)h(that)g(ma)o(y)e(b)q(e)i (an)g(artifact)f(of)h(the)g Fh(traceroute)e Fi(program.)100 1912 y(W)m(e)17 b(ev)o(en)o(tually)h(learned)g(that)g(the)h(target)f(address) h(that)f(caused)h(the)g(trouble)f(is)g(in)f(realit)o(y)g(the)i(broadcast)37 1962 y(address)i(for)d(a)h(subnet.)34 b(This)19 b(explains)f(some)g(of)h (what)g(w)o(e)g(sa)o(w;)i(a)d(broadcast)i(storm)e(can)h(certainly)g(confuse) 37 2012 y(routers.)g(And)13 b(wh)o(y)f(w)o(ere)h(w)o(e)f(trying)g(to)g(send)h (messages)g(to)f(a)g(broadcast)h(address?)19 b(Because)14 b Fh(our)d Fi(DNS)h(cac)o(he)i(w)o(as)37 2062 y(corrupted;)h(it)f(listed)g(15)f (incorrect)i(addresses)h(\(and)e(2)g(correct)h(ones\))g(for)f(a)f(v)o(ery)h (p)q(opular)g(mail)d(rela)o(y)j(host.)100 2112 y(Our)h Fh(ICMP)e Fi(monitor)f(also)i(detected)i(the)f(source)h(of)d(at)h(least)h(some)e(of)h (the)h(\\bad)e(co)q(de)i(\014eld")f(messages.)20 b(Some)37 2161 y(routers,)c(including)d(a)i(few)f(that)h(app)q(ear)g(to)f(b)q(e)h(part) g(of)f(the)h(NSFnet)g(bac)o(kb)q(one,)g(emitted)e Fh(Source)21 b(Quench)13 b Fi(mes-)37 2211 y(sages)k(with)e(a)g(non-zero)i(co)q(de)f (\014eld.)24 b(This)15 b(app)q(ears)i(to)e(b)q(e)h(an)g(ancien)o(t)g(bug)f (that)h(w)o(as)f(part)h(of)f(early)h(releases)h(of)37 2261 y(4.3)p Fh(BSD)p Fi(.)10 b(Unfortunately)m(,)g(man)o(y)f(p)q(opular)i Fh(ICMP)f Fi(implemen)o(tations)e(will)i(ignore)h(messages)g(with)g(in)o(v)n (alid)e(co)q(de)i(\014elds,)37 2311 y(recen)o(t)k(RF)o(C's)e(not)o (withstanding[Bra89)o(].)k(Th)o(us,)d(at)f(the)h(precise)h(time)d(when)i(a)f (router)h(is)f(strapp)q(ed)i(for)e(resource,)37 2361 y(it)h(is)g(sending)g (useless)h Fh(Source)21 b(Quench)12 b Fi(messages.)37 2477 y Fa(4.1)56 b(Firew)n(all)18 b(Routers)37 2554 y Fi(Man)o(y)f(of)f(the)h Fh(Destination)j(Unreachable)14 b Fi(messages)j(w)o(e)g(receiv)o(ed)h(came)e (from)f(so-called)h(\\\014rew)o(all)g(routers".)37 2604 y(These)i(are)e (routers)h(with)f(v)o(ery)g(restrictiv)o(e)i(access)f(con)o(trol)f(lists;)h (their)f(purp)q(ose)h(is)f(to)g(protect)h(hosts)f(within)g(an)37 2654 y(organization,)f(m)o(uc)o(h)f(as)h(our)h(gatew)o(a)o(ys)f(do.)22 b(Unfortunately)m(,)15 b(the)h(precise)h(con\014guration)e(of)g(suc)o(h)h (gatew)o(a)o(ys)f(can)37 2704 y(and)f(do)q(es)h(cause)g(trouble.)p eop %%Page: 4 4 3 bop 100 45 a Fi(W)m(e)16 b(encoun)o(tered)j(problems)d(with)h(a)g(n)o(um)o (b)q(er)f(of)g(these)j(routers.)28 b(A)o(ttempts)17 b(to)g(send)h(mail)c(to)j (destinations)37 95 y(b)q(ey)o(ond)g(the)f(\014rew)o(all)f(generated)i(large) f(\015urries)g(of)f Fh(Host)21 b(Unreachable)14 b Fi(messages.)24 b(Analysis)15 b(sho)o(w)o(ed)h(that)g(the)37 145 y(problem)i(stemmed)f(from)g (the)j(desire)g(to)e(presen)o(t)j(a)d(di\013eren)o(t)i(face)f(to)g(the)g (inside)g(than)g(to)f(the)i(outside.)33 b(F)m(or)37 195 y(example,)14 b(DNS)h Fh(NS)g Fi(records)i(p)q(oin)o(ted)e(to)g(b)q(oth)g(the)h(in)o (ternal)f(serv)o(ers,)i(to)e(whic)o(h)g(access)i(w)o(as)e(blo)q(c)o(k)o(ed,)g (as)g(w)o(ell)f(as)37 244 y(to)h(the)h(p)q(ermitted)f(gatew)o(a)o(y)f(mac)o (hines.)21 b(F)m(or)14 b(whatev)o(er)i(reasons,)g(our)f(resolv)o(er)h(tended) g(to)f(mak)o(e)e(large)i(n)o(um)o(b)q(ers)37 294 y(of)k(queries)g(to)g(the)g (in)o(ternal)g(DNS)f(serv)o(ers.)35 b(The)19 b(resolv)o(er)g(did)g(not)g(see) g(the)h Fh(ICMP)e Fi(rejections,)i(and)f(p)q(erceiv)o(ed)37 344 y(the)c(problem)e(only)g(as)h(a)g(timeout.)j(Ev)o(en)o(tually)m(,)12 b(it)i(w)o(ould)f(switc)o(h)i(to)e(the)i(next)g(serv)o(er)g(in)f(the)g Fh(NS)g Fi(list;)f(un)o(til)g(then,)37 394 y(retransmissions)e(to)f(the)h (original)e(serv)o(er)j(w)o(ould)e(generate)i(new)f(b)q(ounce)g(messages.)17 b(A)11 b(similar)d(situation)i(existed)h(in)37 444 y(the)h Fh(MX)f Fi(records.)19 b(A)11 b(mo)q(derately-large)f(n)o(um)o(b)q(er)g(of)h (gatew)o(a)o(ys)g(w)o(ere)h(sho)o(wn;)f(only)g(the)g(least-desirable)h(ones,) g(b)o(y)f(the)37 493 y(included)h(metrics,)f(w)o(ere)h(reac)o(hable)f(from)f (the)h(outside.)18 b(Th)o(us,)11 b(mail)e(deliv)o(eries)i(to)g(this)g(site)h (w)o(ere)g(quite)f(exp)q(ensiv)o(e;)37 543 y(a)h(long)f(list)g(of)g(failures) h(had)f(to)h(b)q(e)g(endured)h(b)q(efore)g(a)e(successful)j(connection)e(w)o (as)g(established.)18 b(The)12 b(problem)f(w)o(as)37 593 y(comp)q(ounded)i(b) o(y)g(the)h(apparen)o(t)g(inabilit)o(y)d(of)i(our)g(lo)q(cal)g Fh(TCP)f Fi(to)i(pro)q(cess)h Fh(Destination)k(Unreachable)11 b Fi(messages)37 643 y(at)j(this)g(p)q(oin)o(t;)f(instead,)h(the)g (connection)h(attempts)e(had)h(to)g(time)e(out,)i(a)f(length)o(y)h(pro)q (cess.)100 694 y(The)j(ro)q(ot)g(cause)i(of)d(these)j(failures)d(is)h(not,)h (strictly)f(sp)q(eaking,)h(a)e(proto)q(col)h(problem.)27 b(Rather,)17 b(there)i(is)e(an)37 744 y(op)q(erational)g(w)o(eakness)h(in)e(the)i (existing)f(name)e(serv)o(er)k(implemenatio)o(ns.)25 b(Clearly)m(,)16 b(the)i(administrator)d(did)i(not)37 794 y(w)o(an)o(t)f(us)h(to)f(try)h(to)f (reac)o(h)h(the)g(blo)q(c)o(k)o(ed)g(hosts.)26 b(Ideally)m(,)15 b(the)i(answ)o(ers)g(returned)h(b)o(y)e(their)h(DNS)f(serv)o(ers)j(should)37 844 y(b)q(e)f(\014ltered:)26 b(outsiders)18 b(should)g(nev)o(er)g(receiv)o(e) g Fh(NS)f Fi(or)h Fh(MX)e Fi(records)j(naming)c(suc)o(h)j(hosts.)29 b(But)18 b(there)h(is)e(no)g(easy)37 894 y(w)o(a)o(y)c(to)g(do)f(this.)18 b(What)13 b(is)g(needed)h(is)f(some)f(sort)i(of)e(general)h(\014ltering)g (language)f(for)h(the)g(name)f(serv)o(er,)j(sp)q(ecifying)37 943 y(comm)o(unities)d(of)h(in)o(terest)i(and)f(what)g(records)h(they)f(are)h (allo)o(w)o(ed)d(to)i(see.)100 995 y(W)m(e)i(are)h(not)f(claiming)d(that)k (suc)o(h)g(a)f(mec)o(hanism)e(is)i(a)g(securit)o(y)i(feature.)26 b(Unless)17 b(and)f(un)o(til)g(authen)o(tication)37 1045 y(is)j(added)f(to)g (the)h(DNS,)f(the)g(lev)o(el)g(of)g(securit)o(y)h(it)f(could)g(pro)o(vide)g (is)g(fairly)f(lo)o(w.)30 b(Rather,)19 b(w)o(e)g(are)f(lo)q(oking)f(for)37 1095 y(p)q(erformance)e(impro)o(v)o(emen)o(ts,)e(and)i(for)f(the)i (elimination)c(of)i(these)j(unneeded)f(and)f(un)o(w)o(an)o(ted)g(pac)o(k)o (ets)h(aimed)e(at)37 1144 y(inside)g(hosts.)37 1270 y Fa(4.2)56 b(A)19 b(DNS)g(Virus?)37 1349 y Fi(As)14 b(noted)f(ab)q(o)o(v)o(e,)f (incorrect)i(DNS)e(information)e(exists.)18 b(It)13 b(is)f(not)h(clear)g(wh)o (y)f(this)h(happ)q(ens;)h(that)e(it)h(do)q(es)g(happ)q(en)37 1399 y(is)g(indisputable.)k(W)m(orse)12 b(y)o(et,)g(the)h(incorrect)h (information)9 b(can)k(spread.)18 b(If)12 b(a)g(site)h(that)f(has)h(a)f(bad)g (resource)i(record)37 1449 y(is)g(queried)f(ab)q(out)g(it,)g(the)h(serv)o(er) g(will)e(blithely)g(return)j(the)f(erroneous)g(information,)c(thereb)o(y)k (con)o(taminating)d(the)37 1499 y(cac)o(he)i(of)f(another)g(site.)18 b(W)m(e)11 b(th)o(us)i(ha)o(v)o(e)f(something)e(with)i(c)o(haracteristics)i (akin)d(to)g(a)h(virus:)17 b(a)12 b(m)o(utan)o(t)e(record)j(that)37 1549 y(uses)j(standard)e(facilities)f(to)h(repro)q(duce)i(itself.)i(It)c (\\wins")f(if)h(it)f(can)h(infect)h(a)e(high-lev)o(el)g(serv)o(er,)i(thereb)o (y)h(causing)37 1599 y(it)e(to)g(spread)h(to)e(almost)f(an)o(y)o(one)i(who)f (tries)i(to)f(\014nd)g(out)g(the)g(correct)i(address)f(for)e(the)i (destination.)100 1650 y(The)e(w)o(ord)g(\\m)o(utan)o(t")e(ma)o(y)m(,)f(in)i (fact,)h(b)q(e)g(literally)f(correct.)19 b(One)14 b(p)q(ossible)f (explanation)f(for)g(the)i(origin)d(of)i(suc)o(h)37 1700 y(records)h(is)e (undetected)i(corruption)e(of)g(DNS)f(data)h(while)f(in)h(transit.)17 b(This)12 b(is)g(not)g(at)g(all)e(unlik)o(ely)m(,)h(esp)q(ecially)h(since)37 1750 y(at)i(least)f(one)g(ma)r(jor)f(v)o(endor)h(ships)h(mac)o(hines)e(with)h Fh(UDP)f Fi(c)o(hec)o(ksum)i(v)n(alidation)c(and)j(generation)h(disabled.)j (Other)37 1799 y(causes)f(include)e(address)h(and)f(name)f(c)o(hanges)h(to)g (name)f(serv)o(ers.)20 b(If)14 b(not)g(done)g(carefully)m(,)f(at)g(b)q(oth)h (the)h(delegating)37 1849 y(site)h(and)f(the)h(primary)e(and)h(secondary)h (serv)o(ers)h(for)e(the)h(zone,)g(records)g(con)o(taining)f(the)g(union)g(of) g(b)q(oth)g(old)g(and)37 1899 y(new)g(information)c(will)h(b)q(e)j (propagated.)j(W)m(e)13 b(ha)o(v)o(e)h(seen)h(this)f(failure)f(mo)q(de)g(in)g (our)h(in)o(ternal)g(net)o(w)o(ork.)37 2024 y Fa(4.3)56 b(Rejected)17 b(DNS)i(Messages)37 2104 y Fi(Our)13 b Fh(ICMP)e Fi(detected)j(a)e (surprisingly)f(large)h(n)o(um)o(b)q(er)f(of)h Fh(Port)21 b(Unreachable)9 b Fi(messages,)j(most)f(of)g(them)g(to)h(or)g(from)37 2154 y(p)q(ort)19 b(53,)g(the)g(DNS)f(p)q(ort.)32 b(Suc)o(h)19 b(messages)f (suggest)i(that)e(a)g(DNS)h(resp)q(onse)h(has)e(arriv)o(ed)h(after)g(the)g (querying)37 2204 y(pro)q(cess)e(has)d(terminated.)20 b(Most)15 b(lik)o(ely)m(,)d(these)k(indicate)e(that)h(more)e(than)i(one)g(pac)o(k)o(et) f(w)o(as)h(sen)o(t)g(out)g(for)f(a)g(giv)o(en)37 2254 y(query)m(,)f(with)f (some)g(resp)q(onses)j(dela)o(y)o(ed)e(o)o(v)o(erly)f(long)g(in)g(transit.)18 b(Ab)q(out)13 b(65\045)e(of)i(the)g Fh(ICMP)f Fi(messages)g(w)o(ere)i(to)f (and)37 2303 y(from)h(pro)q(cesses)k(on)d(the)g(lo)q(cal)f(mac)o(hine,)g (indicating)g(that)h(our)g(o)o(wn)g(queries)h(w)o(ere)g(rep)q(eated.)24 b(The)15 b(rest)i(indicate)37 2353 y(that)d(the)h(lo)q(cal)e(DNS)h(serv)o(er) h(sen)o(t)g(bac)o(k)f(late)f(resp)q(onses)k(to)c(outside)h(inquiries.)100 2405 y(DNS)h(queries)h(are)g(in)f(some)f(sense)j(a)e(parasitic)g(load.)21 b(There)c(is)e(generally)g(no)g(v)n(alue)f(to)h(the)h(information)d(p)q(er)37 2455 y(se;)j(rather,)f(a)f(DNS)g(query)h(generally)f(indicates)h(a)f(desire)i (to)e(op)q(en)h(up)g(a)f(useful)h(connection)g(for)f(things)g(lik)o(e)g(mail) 37 2504 y(deliv)o(ery)m(.)29 b(A)17 b(lo)q(cally-generated)g(query)h(means)f (that)g(our)h(host)f(wishes)h(to)g(send)g(information;)e(a)h(remote)g(query) 37 2554 y(means)e(that)g(someone)f(w)o(an)o(ts)h(to)g(send)h(something)d(to)i (us.)22 b(Accordingly)m(,)14 b(w)o(e)h(compared)g(the)g(n)o(um)o(b)q(er)g(of) f(lo)q(cally-)37 2604 y(generated)e(rejections)g(with)f(the)g(n)o(um)o(b)q (er)f(of)g(outgoing)f(calls)i(during)f(the)h(same)f(p)q(erio)q(d,)h(and)g (the)g(n)o(um)o(b)q(er)f(of)g(remote)37 2654 y(rejections)17 b(of)e(our)g(DNS)g(resp)q(onses)j(with)c(the)i(n)o(um)o(b)q(er)f(of)g (incoming)e(calls.)21 b(The)16 b(results)g(w)o(ere)h(alarmingl)o(y)c(high,)37 2704 y(on)f(the)h(order)g(of)e(50-60\045.)16 b(That)c(is,)g(ab)q(out)g(half)f (the)i(connections)g(made)e(in)o(v)o(olv)o(ed)f(rep)q(eated)k(DNS)e (inquiries,)g(with)p eop %%Page: 5 5 4 bop 37 45 a Fi(the)14 b(rep)q(etition)g(due)f(to)g(CPU)h(or)f(net)o(w)o (ork)g(load.)k(Giv)o(en)c(that)g(man)o(y)e(calls)i(can)g(b)q(e)h(made)e (solely)g(with)h(reference)j(to)37 95 y(the)e(DNS)f(cac)o(he,)h(it)f(w)o (ould)f(seem)h(that)h(either)g(resolv)o(er)g(retransmit)f(timers)f(are)i(set) g(m)o(uc)o(h)e(to)q(o)h(lo)o(w,)f(or)h(that)g(there)37 145 y(is)h(some)f(unsusp)q(ected)k(name)12 b(serv)o(er)k(bug)e(that)g(causes)h (unneeded)g(transmissions.)100 195 y(The)c(quan)o(titativ)o(e)e(asp)q(ects)k (of)c(this)i(analysis)f(are)h(somewhat)e(susp)q(ect.)19 b(There)12 b(are)f(t)o(w)o(o)f(serv)o(ers)i(for)f(our)f(domain,)37 245 y(and)i(t)o(w)o(o)f(gatew)o(a)o(ys;)h(w)o(e)g(are)h(only)e(monitoring)e(one)j (of)f(eac)o(h.)18 b(Conceiv)n(ably)m(,)10 b(our)i(serv)o(er)h(is)f(seeing)g (a)g(disprop)q(ortion-)37 295 y(ate)k(n)o(um)o(b)q(er)f(of)g(DNS)g(queries)h (compared)f(with)g(the)h(n)o(um)o(b)q(er)f(of)f(in)o(b)q(ound)h(mail)e (messages.)23 b(But)16 b(w)o(e)f(did)g(see)i(the)37 344 y(same)10 b(results)i(for)e(outb)q(ound)h(messages,)f(when)h(the)h(confounding)d (factor)i(w)o(as)f(absen)o(t.)18 b(W)m(e)10 b(plan)g(to)g(in)o(v)o(estigate)g (this)37 394 y(further,)15 b(deplo)o(ying)d(appropriate)i(monitors)e(on)h(b)q (oth)h(mac)o(hines.)j(W)m(e)c(also)h(plan)f(to)g(trap)h(and)f(analyze)h (sequences)37 444 y(of)j(DNS)g(queries,)h(resp)q(onses,)i(and)c(rejections,)j (an)e(in)o(v)o(estigation)e(our)i(curren)o(t)i(monitoring)14 b(con\014guration)j(do)q(es)37 494 y(not)d(p)q(ermit.)37 634 y Fj(5)70 b(Conclusions)37 726 y Fi(T)m(o)13 b(some,)f(our)h(observ)n(ations) g(can)g(b)q(e)h(summarized)d(succinctly)j(as)f(\\bugs)g(happ)q(en".)18 b(That)13 b(certainly)g(is)g(not)g(news.)37 775 y(But)j(dismissing)e(our)h (results)h(so)f(ca)o(v)n(alierly)f(misses)h(the)h(p)q(oin)o(t.)21 b(Y)m(es,)16 b(bugs)f(happ)q(en.)23 b(But)16 b(bugs)f(can)h(b)q(e)f(\014xed)h (|)37 825 y Fb(if)i Fi(they)g(are)g(detected.)32 b(The)19 b(In)o(ternet)g (is,)f(as)g(a)f(whole,)h(w)o(orking)f(remark)n(ably)f(w)o(ell.)29 b(Huge)19 b(soft)o(w)o(are)e(pac)o(k)n(ages)37 875 y(\(i.e.,)d Fh(X11R5)p Fi(\))f(can)i(b)q(e)g(distributed)g(electronically)m(.)k (Connections)c(span)f(the)h(glob)q(e.)k(But)c(the)g(v)o(ery)g(success)i(of)d (the)37 925 y(In)o(ternet)i(mak)o(es)d(some)g(bugs)h(in)o(visible.)100 975 y(Because)k(of)e(our)g(monitoring,)e(w)o(e)i(are)h(able)f(to)g(sp)q(ot)g (certain)h(classes)h(of)d(misb)q(eha)o(vior)g(that)h(are,)h(in)f(general,)37 1025 y(not)f(seen.)23 b(Unfortunately)m(,)14 b(unlik)o(e)g(our)h(securit)o(y) h(logging)d(recommendations[Bel92b)n(],)h(man)o(y)f(of)i(the)g(tec)o(hniques) 37 1075 y(discussed)h(here)g(are)e(not)h(practical)f(elsewhere.)21 b(T)m(rying)13 b(to)h(analyze)g(b)q(ogus)g(IP)h(destination)f(addresses)i(on) e(a)g(busy)37 1125 y(Ethernet)i(cable)d(do)q(es)i(not)e(w)o(ork,)g(for)g (example.)j(But)f(the)f(underlying)f(problems)f(they)i(are)g(symptomatic)d (of)i(ha)o(v)o(e)37 1174 y(not)19 b(thereb)o(y)h(gone)f(a)o(w)o(a)o(y)m(.)31 b(W)m(e)18 b(therefore)j(suggest)e(that,)h(di\016culties)e(not)o (withstanding,)h(others)h(mak)o(e)d(similar)37 1224 y(e\013orts)e(to)d (instrumen)o(t)h(at)g(least)g(p)q(ortions)g(of)f(their)h(net)o(w)o(orks.)19 b(That)12 b(is)h(the)h(only)e(w)o(a)o(y)g(some)g(of)h(these)h(subtle)f(\(and) 37 1274 y(not)h(so)g(subtle\))h(problems)e(will)f(b)q(e)j(detected)h(and)d (eliminated.)37 1414 y Fj(References)95 1506 y Fi([Bel89])19 b(Stev)o(en)d(M.)e(Bello)o(vin.)19 b(Securit)o(y)c(problems)f(in)g(the)h (TCP/IP)f(proto)q(col)h(suite.)20 b Fb(Computer)15 b(Communi-)239 1555 y(c)n(ations)g(R)n(eview)p Fi(,)f(19\(2\):32{48,)d(April)i(1989.)74 1640 y([Bel92a])19 b(Stev)o(en)g(M.)e(Bello)o(vin.)29 b(\\Helpful")17 b(self-con\014guring)g(programs.)29 b Fb(RISKS)19 b(Digest)p Fi(,)g(13\(25\),)f(Marc)o(h)g(5)239 1690 y(1992.)72 1775 y([Bel92b])h(Stev)o (en)c(M.)f(Bello)o(vin.)k(There)e(b)q(e)f(dragons.)k(In)14 b Fb(Pr)n(o)n(c.)h(UNIX)g(Se)n(curity)g(Symp)n(osium)h(III)p Fi(,)d(pages)i(1{16,)239 1825 y(Baltimore,)d(Septem)o(b)q(er)i(1992.)88 1910 y([Bra89])19 b(R.T.)d(Braden,)j(ed.)28 b Fb(R)n(e)n(quir)n(ements)18 b(for)f(Internet)h(hosts)g(-)g(c)n(ommunic)n(ation)g(layers.)p Fi(,)f(Octob)q(er)i(1989.)239 1960 y(RF)o(C)14 b(1122.)42 2045 y([CFSD90])19 b(J.D.)14 b(Case,)g(M.)g(F)m(edor,)f(M.L.)h(Sc)o(ho\013stall,)f (and)h(C.)g(Da)o(vin.)j Fb(Simple)e(Network)g(Management)h(Pr)n(oto)n(c)n(ol) 239 2094 y(\(SNMP\))p Fi(,)e(Ma)o(y)g(1990.)j(RF)o(C)c(1157.)82 2179 y([Che90])20 b(W.R.)14 b(Cheswic)o(k.)23 b(The)16 b(design)g(of)f(a)g (secure)i(in)o(ternet)g(gatew)o(a)o(y)m(.)k(In)16 b Fb(Pr)n(o)n(c.)g(Summer)g (USENIX)g(Con-)239 2229 y(fer)n(enc)n(e)p Fi(,)d(Anaheim,)f(June)j(1990.)82 2314 y([Che92])20 b(W.R.)12 b(Cheswic)o(k.)18 b(An)13 b(ev)o(ening)h(with)f (Berferd,)i(in)e(whic)o(h)g(a)g(crac)o(k)o(er)i(is)e(lured,)h(endured,)g(and) f(studied.)239 2364 y(In)h Fb(Pr)n(o)n(c.)g(Winter)h(USENIX)g(Confer)n(enc)n (e)p Fi(,)f(San)f(F)m(rancisco,)h(Jan)o(uary)g(1992.)96 2449 y([KL86])19 b(Brian)14 b(Kan)o(tor)g(and)g(Phil)f(Lapsley)m(.)18 b Fb(Network)13 b(News)i(T)m(r)n(ansfer)e(Pr)n(oto)n(c)n(ol)p Fi(,)g(F)m(ebruary)i(1986.)h(RF)o(C)e(977.)76 2534 y([Mo)q(c87])19 b(P)m(.V.)13 b(Mo)q(c)o(k)n(ap)q(etris.)19 b Fb(Domain)c(Names)g(|)g(Conc)n (epts)h(and)f(F)m(acilities)p Fi(,)e(No)o(v)o(em)o(b)q(er)g(1987.)k(RF)o(C)c (1034.)91 2619 y([Plu82])19 b(D.C.)13 b(Plummer.)j Fb(Ethernet)e(A)n(ddr)n (ess)h(R)n(esolution)g(Pr)n(oto)n(c)n(ol)p Fi(,)e(No)o(v)o(em)o(b)q(er)g (1982.)k(RF)o(C)c(826.)90 2704 y([P)o(os81])19 b(Jon)14 b(B.)g(P)o(ostel.)k Fb(Internet)d(Contr)n(ol)f(Message)i(Pr)n(oto)n(c)n(ol)p Fi(,)d(Septem)o(b)q (er)h(1981.)j(RF)o(C)c(792.)p eop %%Page: 6 6 5 bop 37 45 a Fi([PPTT90])20 b(Rob)f(Pik)o(e,)h(Da)o(v)o(e)f(Presotto,)j(Ken) e(Thompson,)f(and)g(Ho)o(w)o(ard)g(T)m(ric)o(k)o(ey)m(.)34 b(Plan)19 b(9)g(from)f(Bell)h(Labs.)239 95 y(In)h Fb(Pr)n(o)n(c)n(e)n(e)n (dings)g(of)g(the)h(Summer)f(1990)h(UKUUG)f(Confer)n(enc)n(e)p Fi(,)g(pages)g(1{9,)g(London,)g(July)g(1990.)239 145 y(UKUUG.)95 228 y([RP90])f(Jo)o(yce)c(K.)f(Reynolds)f(and)h(Jon)g(B.)g(P)o(ostel.)k Fb(Assigne)n(d)d(numb)n(ers)p Fi(,)e(Marc)o(h)i(1990.)i(RF)o(C)c(1060.)85 311 y([Sun88])19 b(Sun)c(Microsystems,)e(Inc.)20 b Fb(RPC:)14 b(R)n(emote)i(Pr)n(o)n(c)n(e)n(dur)n(e)e(Cal)r(l)h(Pr)n(oto)n(c)n(ol)f(Sp)n (e)n(ci\014c)n(ation)i(V)m(ersion)f(2)p Fi(,)f(June)239 361 y(1988.)j(RF)o(C)d(1057.)85 444 y([Sun90])19 b(Sun)10 b(Microsystems,)g (Inc.,)g(Moun)o(tain)f(View,)h(CA.)h Fb(Network)f(Interfac)n(es)g(Pr)n(o)n (gr)n(ammer's)g(Guide)p Fi(,)g(Marc)o(h)239 493 y(1990.)17 b(SunOS)e(4.1.)p eop %%Trailer end userdict /end-hook known{end-hook}if %%EOF