[TUHS] NSA MILNET IMP 57 & Explosive Bolts

[TUHS] NSA MILNET IMP 57 & Explosive Bolts

[Don Hopkins]

(I originally posted this to hacker news, but I’ll repost it here too.)



At the University of Maryland, our network access was through the NSA's "secret" MILNET IMP 57 at Fort Mead. It was pretty obvious that UMD got their network access via NSA, because mimsy.umd.edu had a similar "*.57" IP address as dockmaster, tycho and coins.

https://emaillab.jp/dns/hosts/

    HOST : 26.0.0.57 : TYCHO : PDP-11/70 : UNIX : TCP/TELNET,TCP/SMTP,TCP/FTP :
    HOST : 26.0.0.57 : DOCKMASTER.NCSC.MIL,DOCKMASTER.DCA.MIL, DOCKMASTER.ARPA : HONEYWELL-DPS-8/70 : MULTICS : TCP/TELNET,TCP/FTP,TCP/SMTP,TCP/ECHO,TCP/DISCARD,ICMP :
    HOST : 26.1.0.57 : COINS-GATEWAY,COINS : PLURIBUS : PLI ::
    HOST : 26.2.0.57, 128.8.0.8 : MARYLAND,MIMSY,UMD-CSD,UMD8,UMCP-CS : VAX-11/780 : UNIX : TCP/TELNET,TCP/FTP,TCP/SMTP,UDP,TCP/ECHO,TCP/FINGER,ICMP :

https://multicians.org/site-dockmaster.html

Whenever the network went down (which was often), we had to call up a machine room at Fort Mead and ask them to please press the reset button on the box labeled "IMP 57". Sometimes the helpful person who answered the phone had no idea which box I meant, so I had describe to him which box to reset over the phone. ("Nope, that didn't work. Try the other one!" ;) They were even generous enough to issue us (CS department systems staff and undergrad students) our own MILNET TACACS card.

On mimsy, you could get a list of NSA employees by typing "grep contact /etc/passwd", because each of their courtesy accounts had "network contact" in the gecos field.

Before they rolled out TACACS cards, anyone could dial up an IMP and log in without a password, and connect to any host they wanted to, without even having to murder anyone like on TV:

https://www.youtube.com/watch?v=hVth6T3gMa0



I found this handy how-to tutorial guide for "Talking to the Milnet NOC" and resetting the LH/DH, which was useful for guiding the NSA employee on the other end of the phone through fixing their end of the problem. What it doesn't mention is that the key box with the chase key was extremely easy to pick with a paperclip.

Who would answer the Milnet NOC's 24-hour phone was hit or miss: Some were more helpful and knowledgeable than others, others were quite uptight.

Once I told the guy who answered, "Hi, this is the University of Maryland. Our connection to the NSA IMP seems to be down." He barked back: "You can't say that on the telephone! Are you calling on a blue phone?" (I can't remember the exact color, except that it wasn't red: that I would have remembered). I said, "You can't say NSA??! This is a green phone, but there's a black phone in the other room that I could call you back on, but then I couldn't see the hardware." And he said "No, I mean a voice secure line!" I replied, "You do know that this is a university, don't you? We only have black and green phones.”

    Date: Thu, 11 Sep 86 13:53:45 EDT
    From: Steve D. Miller <steve@brillig.umd.edu>
    To: staff@mimsy.umd.edu
    Subject: Talking to the Milnet NOC

       This message is intended to be a brief tutorial/compendium of
    information you probably want to know if you need to see about
    getting the LH/DH thingy (and us) talking to the world.

       First, you need the following numbers:
        (1)  Our IMP number (57),
        (2)  Mimsy's milnet host address (26.2.0.57),
        (3)  The circuit number for our link to the NSA
            (DSEP07500-057)
        (4)  The NOC number itself (692-5726).

       Second, you need to know something about the hardware.  There
    are three pieces of hardware that make up our side of the link:
    the LH/DH itself, the ECU, and the modem.  The LH/DH and the
    ECU are the things in the vax lab by brillig; the ECU is the
    thing on top (with the switches), and the LH/DH is the thing
    on the bottom.  The normal state is to have the four red LEDs
    on the ECU on and the Host Master Ready, HRY, Imp Master Ready,
    and IRY lights on at the LH/DH.  If these lights are not on,
    something is wrong.  If mimsy is down, then we'll only have some
    of the lights on, but that should fix itself when mimsy comes up.
    Some interesting buttons or switches on the ECU are:
        reset - resets something or another
        stop - stops something or another
        start - restarts something or another
        local loopback -- two switches and two leds; you may need
            to throw one or the other of these if the NOC asks
            you to.  These loopback switches should be distinguished
            from those on the modem itself.
        remote loopback -- like local loopback, but does something else.

       The modem is in the phone room beside the terminal room (rm.
    4322, if memory serves).  It can be opened with the chase key from
    the key box...but if someone official and outside of staff asks
    you that, you probably shouldn't admit to it.  It has a switch on
    it, too; it seems that switch normally rests in the middle, and
    there's a "LL" setting to the left which I assume puts the modem in
    local loopback mode.

       Now that you have some idea of where things are, call the NOC.
    Identify yourself as from the University of Maryland, and say that
    we're not talking to the outside world.  They will probably ask for
    our Milnet address or the number of the IMP we're connected to,
    and will then poke about and see what's happening.  They will ask
    you to do various things; ask if you're not sure what they mean,
    but the background info above should help in puzzling it out.

       Hopefully, this will make it easier to find people to fix
    our net problems in the future; it's still hard to do 'cause
    we have so little info (no hardware manual, for example),
    but this should give us a fighting chance.

        -Steve



There were rumored to be "explosive bolts" on the ARPA/MILNET gateways (whether they were metaphorical or not, I don't know).

Here's something interesting that Milo Medin wrote about dual homed sites like NSA and NASA, that were on both the ARPANET and MILNET:

    To: fair@ucbarpa.berkeley.edu (Erik E. Fair)
    Cc: Hackers_Guild@ucbvax.berkeley.edu, ucdavis!ccohesh@ucbvax.berkeley.edu
    Subject: Re: a question of definition
    Date: Thu, 29 Jan 87 15:33:35 PST
    From: Milo S. Medin (NASA ARC Code ED) <medin@orion.arpa>

    Right, the core has many gateways on it now, maybe 20-30.  All the LSI's will
    be stubbed off the core however, and only buttergates will be left after
    the mailbridges and EGP peers are all converted.  Actually, I think DARPA is
    paying for it all...

    Ames is *not* getting a mailbridge.  You are right of course, that we could
    use 2 gateways, not just 1 (actually, there will be a prime and backup anyways),
    and then push routing info appropriately.  But that's anything but simple.
    Firstly, the hosts have to know which gateway to send a packet to a given
    network, and thus have to pick between the 2.  That's a bad idea.
    It also means that I have to pass all EGP learned info around on the
    local cable, and if I do that, then I can't have routing info from
    the local cable pass out via EGP.  At least not without violating
    the current EGP spec.   Think about it.  It'd be really simple to
    create a loop that way.  Thus, in order to maximize the use of both
    PSN's, you really need one gateway wired to both PSN's, and just
    have it advertise a default route inside.  Or use a reasonble IGP,
    of which RIP (aka /etc/routed stuff) is not.  I'm hoping to get
    an RFC out of BBN at this IETF meeting which may go a long way in
    reducing the use of RIP as an IGP.

    BTW, NSA is an example of a site on both MILNET and ARPANET but without
    a mailbridge...

    There is no restriction that a network can only be on ARPANET or MILNET.
    That goes against the Internet model of doing things.  Our local
    NASA gatewayed nets will be advertised on both sides.  The restriction
    on BARRNet is that the constituent elements of BARRNet do not all
    have access to MILNET.  NSF has an understanding with DARPA and
    DCA that NSFnet'd sites can use ARPANET.  That does not extend to
    the MILNET.  Thus, Davis can use UCB's or Stanford's, our even NASA's
    ARPANET gateways, with the approval of the site of course, but
    not MILNET, even though NASA has MILNET coverage.  Thus we are required
    to restrict BARRNet routing through our MILNET PSN.  If we were willing
    to sponsor UCB's MILNET access, for some requirement which NASA
    had to implement, then we would turn that on.  But BARRNet itself will
    but cutoff to MILNET (and probably ARPANET too) at Ames, but not
    cut off to other NASA centers or sites that NASA connects.  There is
    no technical reason that prevents this, in fact, we have to take
    special measures to prevent it.  But those are the rules.  Anyways,
    mailbridge performance should improve after the conversion, so
    UCB should be in better shape.  And you'll certainly be able to
    talk to us via BARRNnet...  I have noticed recently that MILNET<->
    ARPANET performance has been particularly poor...  Sigh.

    The DCA folks feel that in case of an emergency they may be
    forced to use an unsecure network to pass certain info around.  The
    DDN brochure mentions SIOP related data for example.  Who knows,
    if the balloon goes up, the launch order might pass through Evans
    Hall on its way out to SAC...  :-)


                        Milo



I dug up an "explosive bolts" reference -- fortunately that brilliant plan didn't get far.

(Milo Medin knows this stuff first hand: https://innovation.defense.gov/Media/Biographies/Bio-Display/Article/1395855/milo-medin/ )

    To: fair@ucbarpa.berkeley.edu (Erik E. Fair)
    Cc: ucdavis!ccohesh@ucbvax.berkeley.edu, Hackers_Guild@ucbvax.berkeley.edu
    Subject: Re: a question of definition
    Date: Thu, 29 Jan 87 12:29:36 PST
    From: Milo S. Medin (NASA ARC Code ED) <medin@orion.arpa>

    Actually its:

    SCINET -- Secret Compartmented Information Net  (if you don't know what
    compartmented means, you don't need to ask)
    DODIIS -- DoD Intelligence Information Net

    The other stuff I think is right, at least without me looking things
    up.  I probably shouldn't have brought this subject of the secure part
    of the DDN up.  People like being low key about such things...

    Erik, all the BBN gateways on MILNET and ARPANET currently comprise
    the core, not just mailbridges.  Some are used as site gateways, others
    as EGP neighbors, etc...  And just because you are dual homed doesn't mean
    you get a mailbridge.  And the IETF doesn't deal with low level stuff
    like that; DCA does all that.  In fact, the reason we are getting an
    ARPANET PSN is because when DCA came out to do a site survey, they
    liked our site so much they asked if they could put one here!  It's
    amazing how many sites have tried to get ARPANET PSN's the right
    way and have had to wait much longer than us...  BTW, since we are
    dual homed (probably a gateway with 2 1822 interfaces in it), we
    are taking steps to be sure that people on ARPANET or MILNET can't
    use our gateway to bypass the mailbridges.  The code will be hacked
    to drop all packets that aren't going to a locally reachable network.
    BARRNet, even though its locally reachable, will be excluded
    from this however, since the current procedural limitations call for
    not allowing any BARRNet traffic to flow out of BARRNet to MILNET
    and the reverse.  NASA traffic of course can traffic through BARRNet,
    and even use ARPANET that way (though that's not a big deal when
    we get our own ARPANET PSN).  That's because only NASA is authorized
    to directly connect to MILNET, not UCB or Stanford, etc...

    DCA must have the ability to partition the ARPANET and MILNET in
    case of an "emergency", and having non-DCA controlled paths between
    the nets prevents that.  There was talk some time ago about putting
    explosive bolts in the mailbridges that would be triggered by
    destruct packets...  That idea didn't get far though...

    The DDN only includes MILNET,ARPANET,SCINET,etc...  Not the attached
    networks.  If it did, you'd need to file a TSR to add a PC to your
    local cable.  A TSR is a monstrous piece of paperwork that needs to
    be done anytime anything is changed on the DDN...  Rick knows all
    about them don't you Rick?

    The whole network game is filled with acronyms!  I gave up trying
    to write documents with full explainations in terms long ago...
    I have yet to see a short and concise (and correct) way of describing
    DDN X.25 Standard Service for example...  That's probably one of the
    harder things about getting into networking these days.  We won't
    even talk about Etherbunnies and Martians and other Millspeak...

                        Milo '1822' Medin

Re: [TUHS] NSA MILNET IMP 57 & Explosive Bolts

[Arthur Krewat]

415-327-5220


On 1/3/2019 9:34 PM, Don Hopkins wrote:
> (I originally posted this to hacker news, but I’ll repost it here too.)
>
>
>
> At the University of Maryland, our network access was through the NSA's "secret" MILNET IMP 57 at Fort Mead. It was pretty obvious that UMD got their network access via NSA, because mimsy.umd.edu had a similar "*.57" IP address as dockmaster, tycho and coins.
>
> https://emaillab.jp/dns/hosts/
>
>      HOST : 26.0.0.57 : TYCHO : PDP-11/70 : UNIX : TCP/TELNET,TCP/SMTP,TCP/FTP :
>      HOST : 26.0.0.57 : DOCKMASTER.NCSC.MIL,DOCKMASTER.DCA.MIL, DOCKMASTER.ARPA : HONEYWELL-DPS-8/70 : MULTICS : TCP/TELNET,TCP/FTP,TCP/SMTP,TCP/ECHO,TCP/DISCARD,ICMP :
>      HOST : 26.1.0.57 : COINS-GATEWAY,COINS : PLURIBUS : PLI ::
>      HOST : 26.2.0.57, 128.8.0.8 : MARYLAND,MIMSY,UMD-CSD,UMD8,UMCP-CS : VAX-11/780 : UNIX : TCP/TELNET,TCP/FTP,TCP/SMTP,UDP,TCP/ECHO,TCP/FINGER,ICMP :
>
> https://multicians.org/site-dockmaster.html
>
> Whenever the network went down (which was often), we had to call up a machine room at Fort Mead and ask them to please press the reset button on the box labeled "IMP 57". Sometimes the helpful person who answered the phone had no idea which box I meant, so I had describe to him which box to reset over the phone. ("Nope, that didn't work. Try the other one!" ;) They were even generous enough to issue us (CS department systems staff and undergrad students) our own MILNET TACACS card.
>
> On mimsy, you could get a list of NSA employees by typing "grep contact /etc/passwd", because each of their courtesy accounts had "network contact" in the gecos field.
>
> Before they rolled out TACACS cards, anyone could dial up an IMP and log in without a password, and connect to any host they wanted to, without even having to murder anyone like on TV:
>
> https://www.youtube.com/watch?v=hVth6T3gMa0
>
>
>
> I found this handy how-to tutorial guide for "Talking to the Milnet NOC" and resetting the LH/DH, which was useful for guiding the NSA employee on the other end of the phone through fixing their end of the problem. What it doesn't mention is that the key box with the chase key was extremely easy to pick with a paperclip.
>
> Who would answer the Milnet NOC's 24-hour phone was hit or miss: Some were more helpful and knowledgeable than others, others were quite uptight.
>
> Once I told the guy who answered, "Hi, this is the University of Maryland. Our connection to the NSA IMP seems to be down." He barked back: "You can't say that on the telephone! Are you calling on a blue phone?" (I can't remember the exact color, except that it wasn't red: that I would have remembered). I said, "You can't say NSA??! This is a green phone, but there's a black phone in the other room that I could call you back on, but then I couldn't see the hardware." And he said "No, I mean a voice secure line!" I replied, "You do know that this is a university, don't you? We only have black and green phones.”
>
>      Date: Thu, 11 Sep 86 13:53:45 EDT
>      From: Steve D. Miller <steve@brillig.umd.edu>
>      To: staff@mimsy.umd.edu
>      Subject: Talking to the Milnet NOC
>
>         This message is intended to be a brief tutorial/compendium of
>      information you probably want to know if you need to see about
>      getting the LH/DH thingy (and us) talking to the world.
>
>         First, you need the following numbers:
>          (1)  Our IMP number (57),
>          (2)  Mimsy's milnet host address (26.2.0.57),
>          (3)  The circuit number for our link to the NSA
>              (DSEP07500-057)
>          (4)  The NOC number itself (692-5726).
>
>         Second, you need to know something about the hardware.  There
>      are three pieces of hardware that make up our side of the link:
>      the LH/DH itself, the ECU, and the modem.  The LH/DH and the
>      ECU are the things in the vax lab by brillig; the ECU is the
>      thing on top (with the switches), and the LH/DH is the thing
>      on the bottom.  The normal state is to have the four red LEDs
>      on the ECU on and the Host Master Ready, HRY, Imp Master Ready,
>      and IRY lights on at the LH/DH.  If these lights are not on,
>      something is wrong.  If mimsy is down, then we'll only have some
>      of the lights on, but that should fix itself when mimsy comes up.
>      Some interesting buttons or switches on the ECU are:
>          reset - resets something or another
>          stop - stops something or another
>          start - restarts something or another
>          local loopback -- two switches and two leds; you may need
>              to throw one or the other of these if the NOC asks
>              you to.  These loopback switches should be distinguished
>              from those on the modem itself.
>          remote loopback -- like local loopback, but does something else.
>
>         The modem is in the phone room beside the terminal room (rm.
>      4322, if memory serves).  It can be opened with the chase key from
>      the key box...but if someone official and outside of staff asks
>      you that, you probably shouldn't admit to it.  It has a switch on
>      it, too; it seems that switch normally rests in the middle, and
>      there's a "LL" setting to the left which I assume puts the modem in
>      local loopback mode.
>
>         Now that you have some idea of where things are, call the NOC.
>      Identify yourself as from the University of Maryland, and say that
>      we're not talking to the outside world.  They will probably ask for
>      our Milnet address or the number of the IMP we're connected to,
>      and will then poke about and see what's happening.  They will ask
>      you to do various things; ask if you're not sure what they mean,
>      but the background info above should help in puzzling it out.
>
>         Hopefully, this will make it easier to find people to fix
>      our net problems in the future; it's still hard to do 'cause
>      we have so little info (no hardware manual, for example),
>      but this should give us a fighting chance.
>
>          -Steve
>
>
>
> There were rumored to be "explosive bolts" on the ARPA/MILNET gateways (whether they were metaphorical or not, I don't know).
>
> Here's something interesting that Milo Medin wrote about dual homed sites like NSA and NASA, that were on both the ARPANET and MILNET:
>
>      To: fair@ucbarpa.berkeley.edu (Erik E. Fair)
>      Cc: Hackers_Guild@ucbvax.berkeley.edu, ucdavis!ccohesh@ucbvax.berkeley.edu
>      Subject: Re: a question of definition
>      Date: Thu, 29 Jan 87 15:33:35 PST
>      From: Milo S. Medin (NASA ARC Code ED) <medin@orion.arpa>
>
>      Right, the core has many gateways on it now, maybe 20-30.  All the LSI's will
>      be stubbed off the core however, and only buttergates will be left after
>      the mailbridges and EGP peers are all converted.  Actually, I think DARPA is
>      paying for it all...
>
>      Ames is *not* getting a mailbridge.  You are right of course, that we could
>      use 2 gateways, not just 1 (actually, there will be a prime and backup anyways),
>      and then push routing info appropriately.  But that's anything but simple.
>      Firstly, the hosts have to know which gateway to send a packet to a given
>      network, and thus have to pick between the 2.  That's a bad idea.
>      It also means that I have to pass all EGP learned info around on the
>      local cable, and if I do that, then I can't have routing info from
>      the local cable pass out via EGP.  At least not without violating
>      the current EGP spec.   Think about it.  It'd be really simple to
>      create a loop that way.  Thus, in order to maximize the use of both
>      PSN's, you really need one gateway wired to both PSN's, and just
>      have it advertise a default route inside.  Or use a reasonble IGP,
>      of which RIP (aka /etc/routed stuff) is not.  I'm hoping to get
>      an RFC out of BBN at this IETF meeting which may go a long way in
>      reducing the use of RIP as an IGP.
>
>      BTW, NSA is an example of a site on both MILNET and ARPANET but without
>      a mailbridge...
>
>      There is no restriction that a network can only be on ARPANET or MILNET.
>      That goes against the Internet model of doing things.  Our local
>      NASA gatewayed nets will be advertised on both sides.  The restriction
>      on BARRNet is that the constituent elements of BARRNet do not all
>      have access to MILNET.  NSF has an understanding with DARPA and
>      DCA that NSFnet'd sites can use ARPANET.  That does not extend to
>      the MILNET.  Thus, Davis can use UCB's or Stanford's, our even NASA's
>      ARPANET gateways, with the approval of the site of course, but
>      not MILNET, even though NASA has MILNET coverage.  Thus we are required
>      to restrict BARRNet routing through our MILNET PSN.  If we were willing
>      to sponsor UCB's MILNET access, for some requirement which NASA
>      had to implement, then we would turn that on.  But BARRNet itself will
>      but cutoff to MILNET (and probably ARPANET too) at Ames, but not
>      cut off to other NASA centers or sites that NASA connects.  There is
>      no technical reason that prevents this, in fact, we have to take
>      special measures to prevent it.  But those are the rules.  Anyways,
>      mailbridge performance should improve after the conversion, so
>      UCB should be in better shape.  And you'll certainly be able to
>      talk to us via BARRNnet...  I have noticed recently that MILNET<->
>      ARPANET performance has been particularly poor...  Sigh.
>
>      The DCA folks feel that in case of an emergency they may be
>      forced to use an unsecure network to pass certain info around.  The
>      DDN brochure mentions SIOP related data for example.  Who knows,
>      if the balloon goes up, the launch order might pass through Evans
>      Hall on its way out to SAC...  :-)
>
>
>                          Milo
>
>
>
> I dug up an "explosive bolts" reference -- fortunately that brilliant plan didn't get far.
>
> (Milo Medin knows this stuff first hand: https://innovation.defense.gov/Media/Biographies/Bio-Display/Article/1395855/milo-medin/ )
>
>      To: fair@ucbarpa.berkeley.edu (Erik E. Fair)
>      Cc: ucdavis!ccohesh@ucbvax.berkeley.edu, Hackers_Guild@ucbvax.berkeley.edu
>      Subject: Re: a question of definition
>      Date: Thu, 29 Jan 87 12:29:36 PST
>      From: Milo S. Medin (NASA ARC Code ED) <medin@orion.arpa>
>
>      Actually its:
>
>      SCINET -- Secret Compartmented Information Net  (if you don't know what
>      compartmented means, you don't need to ask)
>      DODIIS -- DoD Intelligence Information Net
>
>      The other stuff I think is right, at least without me looking things
>      up.  I probably shouldn't have brought this subject of the secure part
>      of the DDN up.  People like being low key about such things...
>
>      Erik, all the BBN gateways on MILNET and ARPANET currently comprise
>      the core, not just mailbridges.  Some are used as site gateways, others
>      as EGP neighbors, etc...  And just because you are dual homed doesn't mean
>      you get a mailbridge.  And the IETF doesn't deal with low level stuff
>      like that; DCA does all that.  In fact, the reason we are getting an
>      ARPANET PSN is because when DCA came out to do a site survey, they
>      liked our site so much they asked if they could put one here!  It's
>      amazing how many sites have tried to get ARPANET PSN's the right
>      way and have had to wait much longer than us...  BTW, since we are
>      dual homed (probably a gateway with 2 1822 interfaces in it), we
>      are taking steps to be sure that people on ARPANET or MILNET can't
>      use our gateway to bypass the mailbridges.  The code will be hacked
>      to drop all packets that aren't going to a locally reachable network.
>      BARRNet, even though its locally reachable, will be excluded
>      from this however, since the current procedural limitations call for
>      not allowing any BARRNet traffic to flow out of BARRNet to MILNET
>      and the reverse.  NASA traffic of course can traffic through BARRNet,
>      and even use ARPANET that way (though that's not a big deal when
>      we get our own ARPANET PSN).  That's because only NASA is authorized
>      to directly connect to MILNET, not UCB or Stanford, etc...
>
>      DCA must have the ability to partition the ARPANET and MILNET in
>      case of an "emergency", and having non-DCA controlled paths between
>      the nets prevents that.  There was talk some time ago about putting
>      explosive bolts in the mailbridges that would be triggered by
>      destruct packets...  That idea didn't get far though...
>
>      The DDN only includes MILNET,ARPANET,SCINET,etc...  Not the attached
>      networks.  If it did, you'd need to file a TSR to add a PC to your
>      local cable.  A TSR is a monstrous piece of paperwork that needs to
>      be done anytime anything is changed on the DDN...  Rick knows all
>      about them don't you Rick?
>
>      The whole network game is filled with acronyms!  I gave up trying
>      to write documents with full explainations in terms long ago...
>      I have yet to see a short and concise (and correct) way of describing
>      DDN X.25 Standard Service for example...  That's probably one of the
>      harder things about getting into networking these days.  We won't
>      even talk about Etherbunnies and Martians and other Millspeak...
>
>                          Milo '1822' Medin
>
>
>

Re: [TUHS] NSA MILNET IMP 57 & Explosive Bolts

[Don Hopkins]

On 4 Jan 2019, at 21:46, Clem Cole <clemc@ccc.com> wrote:

>From where did that wonderful clip come?   It's clearly a sequence from something else.  I've never seen it before.
>Thanks,
>Clem

They were from my email archives of Hackers_Guild and the umd cs department staff mailing list. Does anybody else have any h_g archives sitting around? 

Here’s some more funny stuff about the NSA! Gotta love how Brian Reid and Rick Adams weigh in. ;)

-Don


From: yee@dali.berkeley.edu (Peter E. Yee)
Subject: For those who missed 997@lll-crg, here it is
Date: 19 November 1985 at 15:58:08 CET
To: hackers_guild@ucbvax.berkeley.edu

Relay-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site lll-crg.ARpA
Posting-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site lll-crg.ARpA
Path: lll-crg!bandy
From: bandy@lll-crg.ARpA (Andrew Scott Beals)
Newsgroups: net.net-people
Subject: oh YES the NSA is on the net!
Message-ID: <997@lll-crg.ARpA>
Date: 19 Nov 85 07:11:36 GMT
Date-Received: 19 Nov 85 07:11:36 GMT
References: <324@ucdavis.UUCP> <2253@umcp-cs.UUCP>
Reply-To: bandy@lll-crg.UUCP (Andrew Scott Beals)
Distribution: net
Organization: Computation Research Group, Lawrence Livermore Labs
Lines: 94
Summary: (let's say) unintentional dis-information corrected

In article <2253@umcp-cs.UUCP> tlr@umcp-cs.UUCP (Terry L. Ridder) writes:
	I can almost guarantee that the National Security Agency is
	not on USENET or ARPANET. I can further almost guarantee that
	very few employees of NSA are even aware that USENET exist.
	Signed
	Terry L. Ridder
UUCP: seismo!(mimsy.umd.edu|neurad)!bilbo!wiretap!(root|tlr)
					   ^^^^^^^
PHONE: 301-490-2248 (home) 301-859-6642 (work)

Right.

There used to be a host called "TYCHO" (nickname "NSA") at host
zero on imp fifty-seven. (26.0.0.57) (information taken from the old
NIC (Network Information Center for Internet) host tables)

Now there is a machine called "DOCKMASTER" on that same imp port
(TYCHO was an old PDP-11 running version 6 unix (which rumors had
flown for quite some time that someone actually proved was secure)).

Here is what the NIC has to say about DOCKMASTER:

	The National Computer Security Center (DOCKMASTER) 
	   820 Elkridge Landing Road
	   Room A1127, Building FANX-II
	   Linthicum, MD 21090
	
	
	   NetAddress: 26.0.0.57
	   Nicknames: NCSC-MULTICS
	
	   Host Administrator and Liaison:
	      Aliff, Stephen W.  (SWA1)  Aliff.DODCSC@MIT-MULTICS
	      (301) 850-5888

Multics, if I remember correctly, was just given some level of
certification by the government that it was secure. Interesting, no?

Unfortunately, I'm not nearly as much of a Packrat as some might like
to think so I don't have a Maryland phone book (I do have my silly
putty though), so I can't tell you where this exchange is located
(nor where Terry's work number is located). However, looking up
Linthicum MD (I was born and raised just north of DC) shows that
it's just north of BWI (airport). There is a NASA center right near
there and next to that is an un-marked (of course) NSA center.

All of this points that imp 57 is still NSA's imp.

NIC has this to say about host 1 on imp 57:

	National Security Agency (COINS-GATEWAY) 
	   COINS Network Control Center
	   Fort George G. Meade, MD 20755
	
	
	   NetAddress: 26.1.0.57
	   Nicknames: COINS
	
	   Host Administrator and Liaison:
	      Smith, Ronald L.  (RLS6)  COINS@USC-ISI
	      (301) 688-6375

The NIC generally likes to give a machine the name "-GATEWAY" when
that machine is a gateway into another part of the internet. (the
machine type of COINS is a Plurbus, which is a multiprocessor
gateway machine manufactured by BBN (the folks who do the ARPANET
and MILNET hardware). 

In any case, it seems that Mr Ridder is un-(or mis-?)informed. 

Side note: at the last (Portland) USENIX, I happened across a
gentlemen (very cleancut) whose badge listed him as working for the
"Department of Defense, Fort Meade Maryland". I said "Oh, you're one
of those NSA guys!" To which he replied "How did you know?!"...
"Everyone else in DOD says /which/ part of DOD they work for..."

	andrew scott beals
	lawrence livermore national laboratory/university of california
	Pooh-bah for LLL-CRG.ARPA
	(415) 423-1948 (work) (533-1948 (FTS))

ps. In case anyone is wondering and before you go giving my name to
people that I don't want to talk to (like the Kind Folks at the NSA
(but I'm sure they've heard of me or will before I finish up with my
current round of paperwork with the DOE/OPM/FBI)), I obtained all of
this information through public channels.
-- 
There once was a thing called a V-2,
To pilot which you did not need to--
 You just pushed a button,
 And it would leave nuttin'
But stiffs and big holes and debris, too.

andy beals - bandy@lll-crg.arpa - {seismo,ihnp4!sun,dual}!lll-crg!bandy


From: jordan@ucbarpa.berkeley.edu (Jordan Hayes)
Subject: Re: ``dockmaster''
Date: 19 November 1985 at 16:27:34 CET
To: hackers_guild@ucbvax.berkeley.edu

for those so inclined, they should look at what is on port 2 of that
imp ... hmmm ... sorta like putting the CIA on port 4 of imp 78 ...

/jordan


From: Andrew Scott Beals <bandy@lll-crg.ARPA>
Subject: Re: ``dockmaster''
Date: 19 November 1985 at 18:27:27 CET
To: hackers_guild@ucbvax.berkeley.edu, jordan@ucbarpa.berkeley.edu

Maryland lets NSA people use mimsy. The NSA is interested in the
supercomputer designs that they're working on there... (which is
why they have an imp connection)

In any case, I just got a long note from Mr Ridder. I'll forward
it to you when I'm done reading my mail...
	andy


From: Andrew Scott Beals <bandy@lll-crg.ARPA>
Subject: message from Mr. Ridder
Date: 19 November 1985 at 18:31:44 CET
To: hackers_guild@lll-crg.ARPA

From tlr@mimsy.umd.edu Tue Nov 19 06:13:44 1985
Date: Tue, 19 Nov 85 09:12:54 EST
From: Terry L. Ridder <tlr@mimsy.umd.edu>
Subject: Your posting


	Mr. Andrew Scott Beals

	I am writing to inform you of at least two facts:

	The computer named "wiretap" belongs to my children,
	age 9, age 7, age 2. Jennifer, the 7 year old, named
	the computer. Sarah, the 9 year old, named the other
	computer "bilbo". 

	Bilbo and wiretap are both private machines. The are
	owned by my family and I. They are in no way shape or
	form associated with the NSA. 

	Concerning your posting, I am concerned that you have
	no regard for the safety of federal employees. Your
	posting is marked for distribution "net", if you would
	look at the two previous posting they are marked for
	distribution 'usa'. Therefore, you probably have just
	told most of the world the location of what you believe
	to be an NSA facility. This probably has made the location
	a target for any of a number of terrorist groups. What if
	you are wrong? You have place in danger the lifes of 
	innocent people. Just because you may think you know something
	does not mean that you tell most of the world. 

	I would hope that in the future that you would take the
	time to think about all the ramifications before making
	a posting, similiar in nature to the one in question.

	I would hope that you will send out a cancel message on 
	your posting, before it gets to far.

	I sincerely hope that you restrict your speculations about
	my family's association with any federal agency. I hope
	also that you are mature enough to post an apology for
	inferring that my computers were associated with the NSA.

	I do not want to think of what the implications are from
	that speculation on your part. You may have damaged my
	family's reputation and my own reputation. 

	Please be a little more responsible in the future.
	Engage brain before fingers.

	Signed
	Terry L. Ridder
	for the Terry L. Ridder family


---------------------


From: fair@ucbarpa.berkeley.edu (Erik E. Fair)
Subject: Re: message from Mr. Ridder
Date: 19 November 1985 at 18:42:34 CET
To: bandy@lll-crg.ARPA
Cc: Hackers_Guild@ucbvax.berkeley.edu

I wonder if this bozoid has ever read `The Puzzle Palace'?
It identifies several `secret' NSA installations, including
one out in the wilds of Sonoma, just over the border from
Marin County, along the road from Tomales to Petaluma. All
from public sources and Freedom Of Information Act suits.

	Erik E. Fair	ucbvax!fair	fair@ucbarpa.berkeley.edu

P.S.	Be sure to waive hello in your Email to the folks at the
	Maryland Procurement Office...



From: Andrew Scott Beals <bandy@lll-crg.ARPA>
Subject: Re: message from Mr. Ridder
Date: 19 November 1985 at 19:11:36 CET
To: fair@ucbarpa.berkeley.edu
Cc: Hackers_Guild@ucbvax.berkeley.edu

[mimsy.umd.edu]
Login name: tlr                         In real life: Terry L. Ridder
Office:     Laurel MD 20707             Office phone: 859-6642
Home phone: 490-2248                    Arpanet Sponsor
Directory:  /u/tlr                      Shell: /bin/csh
Last login Tue Nov 19 09:17 on tty04
Project: To find a new job, raise three children, and have time for the wife.
Plan: To move overseas.

----------------------
Well, this is what it has to say about him. Arpanet sponsor, eh?
	andy



From: fair@ucbarpa.berkeley.edu (Erik E. Fair)
Subject: Re: message from Mr. Ridder
Date: 19 November 1985 at 19:48:41 CET
To: bandy@lll-crg.ARPA
Cc: Hackers_Guild@ucbvax.berkeley.edu

Ask Chris Torek what an `Arpanet Sponsor' is...

	Erik


From: Andrew Scott Beals <bandy@lll-crg.ARPA>
Subject: more follies, dt if uninterested
Date: 20 November 1985 at 02:10:30 CET
To: hackers_guild@lll-crg.ARPA

Seems that the gentleman doesn't read his fucking news before going
off at the handle. I sent him an "Excuse me, but if you look at
article ..." note.

LLL General consul? Snicker snicker. Maybe Postmaster or root or
usenet will get a nice note from him telling me what a Bad Boy I've
been... :-)
	andy
-----------------------
Date: Tue, 19 Nov 85 18:46:28 EST
From: Terry L. Ridder <tlr@mimsy.umd.edu>
Subject: apology is inorder


	Mr. Andrew Scott Beals

	I again ask that you act in a mature manner and post an
	apology concerning your inferring that my private computers
	are associated with the NSA.

	If you choose not to, would you be kind enough to inform me
	what the phone number is for LLL general consul is?

	Signed
	Terry L. Ridder



From: jordan@ucbarpa.berkeley.edu (Jordan Hayes)
Subject: Re: ridder me this ...
Date: 20 November 1985 at 02:59:22 CET
To: hackers_guild@ucbvax.berkeley.edu

Methinks either the man is an idiot or he's not really a force to
be reckoned with. If his main mail machine is mimsy, that means he's
on the same imp ... since NSA people have accounts at umd, maybe he's
FROM the NSA ... hmmm ...

/jordan


From: Milo S. Medin (NASA ARC Code ED) <medin@orion.ARPA>
Subject: Re: message from Mr. Ridder
Date: 20 November 1985 at 03:03:55 CET
To: Andrew Scott Beals <bandy@lll-crg.ARPA>
Cc: fair@ucbarpa.berkeley.edu, Hackers_Guild@ucbvax.berkeley.edu


LLL general counsel?  uh oh.....  That means lawyers....


						Milo



From: Andrew Scott Beals <bandy@lll-crg.ARPA>
Subject: ridder me this
Date: 20 November 1985 at 03:14:56 CET
To: hackers_guild@lll-crg.ARPA

One of my sources tells me that Mr Ridder is indeed an NSA person. Chris
Torek told me that an "Arpanet Sponsor" in their terminology means that
he's one of the people who helped them get on the network.
	andy



From: Andrew Scott Beals <bandy@lll-crg.ARPA>
Subject: Re: Ridder me this (qualification)
Date: 20 November 1985 at 03:31:22 CET
To: bandy@ll-crg.ARPA, deboor%buddy@ucbvax.berkeley.edu
Cc: hackers_guild@ucbvax.berkeley.edu

Oh, I already sent him an apology. Here it is:
Relay-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site lll-crg.ARpA
Posting-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site lll-crg.ARpA
Path: lll-crg!bandy
From: bandy@lll-crg.ARpA (Andrew Scott Beals)
Newsgroups: net.net-people
Subject: Apology to Terry Ridder
Message-ID: <998@lll-crg.ARpA>
Date: 19 Nov 85 17:37:12 GMT
Date-Received: 19 Nov 85 17:37:12 GMT
References: <324@ucdavis.UUCP> <2253@umcp-cs.UUCP> <997@lll-crg.ARpA>
Reply-To: bandy@lll-crg.UUCP (Andrew Scott Beals)
Distribution: net
Organization: Computation Research Group, Lawrence Livermore Labs
Lines: 15

I would like to take this opportunity to formally extend my
apologies to Terry L. Ridder (tlr@mimsy.umd.edu) and his family for
insinuating that their home machines (bilbo and wiretap) and any
association with any Federal agency (the NSA in this case).

andrew scott beals
uc/llnl
-- 
There once was a thing called a V-2,
To pilot which you did not need to--
 You just pushed a button,
 And it would leave nuttin'
But stiffs and big holes and debris, too.

andy beals - bandy@lll-crg.arpa - {seismo,ihnp4!sun,dual}!lll-crg!bandy
---------------------
What was interesting was that the file was ~news/net/net-people/666 ...
Tee hee hee.
	andy



From: Andrew Scott Beals <bandy@lll-crg.ARPA>
Subject: calling LLL {lawyers,diplomats}
Date: 20 November 1985 at 03:38:35 CET
To: hackers_guild@lll-crg.ARPA

Of course, they'll tell him that "Anything that our employees say
is their own opinion unless they are a member of the LLNL Public
Information group and are speaking in an official capacity."

"Pin-heads. Pin-heads. Roly-poly pin-heads. Pin-heads. Pin-heads.
Watch them lose. Yow!"
	andy



From: Andrew Scott Beals <bandy@lll-crg.ARPA>
Subject: teehee
Date: 20 November 1985 at 17:18:25 CET
To: hackers_guild@ucbvax.berkeley.edu

From reid@glacier Wed Nov 20 06:59:01 1985
Date: Wed, 20 Nov 85 06:57:35 pst
From: Brian Reid <reid@glacier>
Subject: Re: Apology to Terry Ridder
Newsgroups: net.net-people
Organization: Stanford University, Computer Systems Lab


Terry Ridder is one of the biggest assholes on earth, and I can't fathom
anybody owing him an apology about anything. Oh well.
-- 
	Brian Reid	decwrl!glacier!reid
	Stanford	reid@SU-Glacier.ARPA



From: Andrew Scott Beals <bandy@lll-crg.ARPA>
Subject: philngai on tlr
Date: 21 November 1985 at 07:21:35 CET
To: hackers_guild@lll-crg.ARPA

From amdcad!phil Wed Nov 20 20:41:58 1985
Date: Wed, 20 Nov 85 20:08:04 pst
From: amdcad!phil (Phil Ngai)
Subject: Re: message from Mr. Ridder


what kind of asshole names a computer wiretap and then complains when
others make seemingly reasonable assumptions about it?

who should engage their brain, that's what i want to know.
-- 
Raise snails for fun and profit! Race them for amusement! Then eat the losers!

Phil Ngai +1 408 749-5720
UUCP: {ucbvax,decwrl,ihnp4,allegra}!amdcad!phil
ARPA: amdcad!phil@decwrl.dec.com


From: cuuxb!jab@lll-crg.ARPA
Subject: Re: message from Mr. Ridder
Date: 24 November 1985 at 02:25:13 CET
To: lll-crg!sdcsvax.arpa!hutch@lll-crg.ARPA
Cc: lll-crg!hackers_guild@ucbvax.berkeley.edu

The Ridder guy is a jerk. I would wonder why the ARPANET knows about his
private machines, anyhow: sounds like a misuse of government funding.

	Jeff Bowles
	Lisle, IL



From: Donnalyn Frey <donnalyn@seismo.css.gov>
Subject: Re: private machines on internet
Date: 24 November 1985 at 06:08:34 CET
To: cuuxb!jab@lll-crg.ARPA, deboor%buddy@ucbvax.berkeley.edu
Cc: hackers_guild@ucbvax.berkeley.edu

Ridders machines are NOT on the arpanet. They have uucp links to
Uof Maryland. Ridder himself has an account on mimsy.umd.edu.

Ridders two machines were named by his children. ONe had
just finished reading teh Hobbit (hence bilbo, despite the
2 other known bilbos [not to be confused with certain dildos being discussed])
and the other had finished some spy book, hence wiretap.

He is quite pompous and seems to think the world revolves around
him. We asked him to rename "bilbo" to not conflict. He replied that
the other machines should change because he had already named his
machine.

By the way, we're talking about toys here (maybe somthing as expensive
as an IBM-PC) not the "real" machines you might be led to believe.

He is best ignored.

---rick