USAF ARCHIVES --- 3016, 3794, 333, 347, 348, 1655, 3786 KELLY AFB, TX 7 Mar 94 1. INTRODUCTION Kelly Air Force Base is a U.S. Air Force (USAF) installation located in the city of San Antonio, Bexar County, Texas. The base is under the Air Force Material Command of the USAF. The Texas Natural Resource Conservation Commission (TNRCC) Petroleum Storage Tank (PSTs) Registration number for the facility is 0038825. The Industrial and Hazardous Waste (IHW) Division of TWC has issued Kelly AFB the Solid Waste Registration number 31750. Kelly AFB is pursuing a partial facility closure of three seven solid waste management units (SWMUs) and two petroleum storage tanks (PSTs). This will require the prep- aration of three closure plans for the SWMUs and two closure reports for the PSTs that meet the requirements of Title 31 of the Texas Administrative Code, Chapter 335, Industrial Solid Waste and Hazardous Solid Waste regulations and Title 40 of the Code of Federal Regulations, Parts 260 through 281, Hazardous Waste Management Regulations. Work shall be accomplished in two phases. Phase 1 will be the review of existing information pertinent to the SWMUs and PSTs, and the development of a partial facility closure plan for each of the SWMUs and a closure report for the PSTs. In phase 2 the contractor shall carry out field investigative work to enable the completion of the closure plan and report. 1.1 BACKGROUND There are a total of three seven sites containing SWMUs and two sites containing PSTs. Table 2 summarizes the background. 1.2 SCOPE This statement of work (SOW) outlines requirements for conducting a document review and assessment, site survey, workplan preparation, and partial facility closure plan for each of the three seven SWMUs and a closure report for each of the two PSTs. In the closure assessment phase of the SWMUs, a standard of closure will be assessed and a partial facility closure plan will be generated by the contractor. In addition, the contractor shall conduct detailed soil/water sampling and analyses to ensure the site is within acceptable levels of contamination in accordance with applicable State and Federal regulations. Methods and procedures required are specified in Table 1. 1.3 GENERAL COMPLIANCE AND APPLICABLE DOCUMENTS Guidance and requirements shall be drawn from applicable government regulations, and regulatory and industry guidance documents. These documents are referenced in the following subsections. The contractor shall use the latest edition of applicable codes and standards available at the time of Notice-to-Proceed. 1.3.1 Applicable Regulations. Requirements for site restoration at Kelly AFB shall be obtained from the following State and Federal regulations: - U.S. EPA, Title 40, Code of Federal Regulations, Parts 260 through 281, Hazardous Waste Management Regulations, July 1,1990. - Texas Natural Resource Conservation Commission (TNRCC), Title 31, Texas Administrative Code, Chapter 335, Industrial Solid Waste and Hazardous Solid Waste, 1987, as amended, (note: Subchapter S: Risk Reduction Standards). - TRNCC, Title 31, Texas Administrative Code, Chapter 334, Underground and Aboveground Storage Tanks, February 24, 1988, as amended. - National Fire Protection Association (NFPA), Part 329. - Occupational Safety and Health Administration, Title 29, Code of Federal Regulations, Part 1910.120, July 1, 1990. 1.3.1.1 State Regulations. TRNCC UST and RCRA regulations are as stringent or more stringent than U.S. EPA regulations. TRNCC regulations are enforced in the State of Texas by the TRNCC. 1.3.2 Industry and Regulatory Guidance Documents. Guidance in areas not specified in the regulations shall be obtained from the personal experience of Contractor UST experts and from guidance documents which are listed below. - Closure Guidance Documents,(Draft), TWC Hazardous Waste Sem- inar, Lubbock TX, May 19-20, 1992. - Removal and Disposal of Underground Petroleum Storage Tanks, API, Recommended Practice 1604, Second Edition, Dec 1987. - A Guidance to the Assessment and Remediation of Underground Releases, API Publication 1628, Second Ed, Aug 1989. - Technical Specifications for Well Installation, Sampling and Analysis Procedures, and Data Management, Kelly AFB, Jan 94. - Technical Specifications for Well Installation, Sampling and Analysis Procedures, and Data Management, Kelly AFB, Jan 94. 1.4 TASK AND TECHNICAL REQUIREMENTS 1.4.1 Contractor Qualifications. All tasks identified in this work effort are to be performed by the contractor unless specifically noted to be done by others. The contractor shall submit with the proposal copies of the company's TWC registration and licenses of the employees designated to perform the tasks stated in this SOW. 1.4.2 Document Review and Site Survey. The contractor shall perform a document review for each of the SWMUs and PSTs indicated in the SOW, including the review and evaluation of all information available in reference to the SWMUs and PSTs and a determination of which risk reduction standard from 31 TAC 335 should be followed for each one. The contractor shall gather information for the preparation of the closure plans for these sites, to include the types of potential contamination likely to exist at the sites, soil and water standards associated with these contaminants, environmental factors that may have affected contaminant migration and attenuation. 1.4.3 Work Plan Development. Within 15 days of the completion of the closure site assessments, the contractor shall recommend in writing if any further field investigative work is needed. This could include soil and ground water investigation, risk assessment and/or monitoring work. The recommen- dations shall clearly delineate the extent of work required, reason needed, cost of work required. The Health and Safety Plan shall include contingencies for such activities. 1.4.4 Closure Plans and Reports. 1.4.4.1 Partial Facility Closure Plan. A draft partial facility closure plan (closure plan) for each unit shall be submitted to SAALC/EMRO Kelly AFB project manager no later than 30 days after the completion of the closure site assessment and any additional field investigative work. The closure plans shall include the recommendation for standard of closure within TWCs Risk Reduction Standards to be followed for each UPST/SWMU system assessed. The closure plans will meet the requirements of 31 TAC 335 and 40 CFR 260281. At a minimum, the closure plans shall address; (1) a description of how each SWMU will be closed; (2) a description of how each partial facility closure will be conducted; (3) a detailed description of the methods to be used during partial closure, including the methods for removing, transporting, treating, storing, or disposing of all solid wastes; (4) a detailed description of the steps needed to remove and decontaminate all hazardous residues and contaminated containment system components, equipment, structures and soils during partial closure activities, including, but not limited to procedures for cleaning equipment and removing contam- inated soils, methods for sampling and testing surrounding soils, and criteria for sampling and testing surrounding soils, and criteria for determining the extent of decontamination required to satisfy the closure performance standards; (5) a detailed description of the other activities necessary during the closure period to ensure that all partial closure activities satisfy the closure performance standards, including but not limited to ground water monitoring (if necessary) and run-on/run-off control; (6) a schedule for closure for each SWMU including the total time required to close each SWMU and the time required for other activities necessary for closure which will allow for tracking of the partial closure progress. 1.4.4.2 PST Closure Reports. The contractor shall submit a final report to the Kelly AFB POC no later than 30 days after the project is completed for each of the PSTs at buildings 3016 and 3786. This report shall document all field activities, locations of the tanks and ancillary piping and equipment, locations of underground utilities which are potential contaminant receptors, laboratory analyses of soil and water, materials manifests, notification documents, copies of chain-of-custody forms, and UST condition. The contractor shall make all field notes available for review. The contractor shall include in this report a photographic record of the project. This record shall include pictures denoting each phase of the project. The contractor shall take photos on 35 mm film and developed as 3X5 inch color glossies. Negatives will also be submitted. The contractor shall address soil and ground water remediation methods in these reports. 1.4.5 Inspections and Records. The contractor shall designate a Field Team Leader (FTL) to remain on the job site during site preparation and site restor- ation. FTL oversight is especially important during sampling and analysis efforts. The FTL shall ensure that all phases of the field work are in compliance with appropriate regulations, job specifications, and safety requirements, and shall document and photograph all phases of the site closure. The FTL shall coordin- ate and interface with state inspectors, government project managers, and other authorities during the course of field activities. All field notes taken by con- tractor and subcontractor personnel shall be available upon request by the Kelly POC. 1.4.6 Site Preparation. All site preparation personnel and onsite supervisors shall be licensed as required by TWC. The contractor shall remove the contents/products remaining in the tanks and ancillary piping and equipment. The contractor shall expose the tanks. The tank vapors shall be vented and purged in accordance with an approved standard or method. The tank atmosphere shall be monitored with an explosive meter to confirm that the tank atmosphere is below 10% of the lower explosive limit (LEL). The contractor shall remove the tanks from the excavation. Tank vapors shall be monitored continuously throughout the removal process. The contractor shall maintain a non explosive atmosphere. The contractor shall inspect the tanks upon removal and their condition documented. Concrete anchorage plates, if they exist, shall be removed. The contractor shall render the tanks unusable as a tank. 1.4.7 Field Screening. The contractor shall inspect each site by visual and olfactory means for signs of tank leakage. An organic vapor analyzer shall be used to measure head space total organic vapors present in the soil and breathing zone during site preparation. 1.4.8 Sampling and Analysis. The contractor shall collect and analyze no more than 697 1,925 soil and groundwater samples for the SWMUs, PSTs, and sump. The contractor shall collect a 3-part composite native sample from the four walls of the sump and bottom of the excavation created by the removal of the sump adjacent to the SWMU at bldg 3794. The contractor shall analyze for the parameters specified in Table 1. 1.4.9 Temporary Stockpile Areas. The contractor shall stockpile contaminated soil adjacent to each site. The stockpiles will be temporary storage areas for contaminated soils while samples are tested to determine the type and magnitude of the soil contamination. The excavated material shall be placed on 10mm plastic and covered. The contractor shall berm the excavation to prevent stormwater from entering the pit and place barricades around the excavation before leaving the site. 1.4.10 Material Disposal. The contractor shall arrange for disposal or treatment of hazardous and nonhazardous wastes. Any waste determined to be a nonhazardous petroleum contaminated substance will be arranged for on-site treatment by the Kelly POC. Wastes which are determined to be hazardous based upon analytical results will be drummed and disposed of by the base. The contractor shall arrange for disposal (or salvage) of the tanks, associated piping, and any other material associated with each tank site. 1.4.11 Liquid Disposal. Petroleum contaminated water, upon approval by the Kelly AFB POC, shall be taken to the Kelly AFB Environmental Pollution Control Facility (EPCF) and treated. 1.4.12 Sludge Disposal. The contractor shall dispose of tank sludge according to applicable regulations. The contractor shall place the tank sludge deter- mined to be hazardous waste in a 55-gallon drums. The contractor shall label these drums and deliver them to Lot 513 on base for disposal. 1.4.13 Material Transport. Contractor shall arrange for the transport and proper disposal of nonhazardous contaminated material if transportation is required. The required waste transport manifests shall be prepared for government signature prior to transport of contaminated materials. Receipts shall be obtained from the party receiving contaminated materials. Transport- ation invoices or manifests shall be prepared listing site number and tank size removed from government property. Any tank rubble shall be included on the invoices or manifests. 1.4.14 Site Restoration. The contractor shall restore all sites to match existing andscaping. Site restoration will consist of the following areas: 1.4.14.1 Backfill. The contractor shall backfill excavations with clean material when laboratory results confirm that the excavation is clean or approval is given to backfill from AL POC. The contractor shall randomly sample backfill material for analysis according to procedures outlined in paragraph 1.4.8 to ensure the soil is clean. Material removed from the excavation may be used as backfill if it is confirmed to be clean. The contractor shall provide imported material for backfilling excavated pits if clean material is not immediately available for backfill. 1.4.14.2 Restoration. Fill material shall be compacted as the excavation is filled and the surface restored to the level, grade, and condition of the surrounding area. 1.4.14.2.1 Capacity Restoration. Completion of the SWMU closure at Buildings 333 and 348 will result in a loss of 12,000 gallons capacity at each site (24,000 gallons total for the two buildings). The contractor shall provide 2,000 gallons UPST capacity for the storage of calibrating fluid and oil at both Buildings 333 and 348 (4,000 gallons total for the two buildings). This is necessary to support existing industrial operations upon SWMU closure. 1.4.15 Boreholes and Monitoring Wells. If clean closure of a site is not possible the contractor shall perform the following: 1.4.15.1 Borehole Drilling. The contractor shall install a maximum of four boreholes per tank field not-to-exceed a total of 700 1200 linear feet using a 10 1/2 inch hollow auger. The contractor shall inspect the borings by visual and olfactory means for signs of tank leakage. The contractor shall use an organic vapor analyzer to measure head space in the borings. The contractor shall collect soil samples at each boring where the monitoring equipment indicates the highest organic vapor reading for that particular boring or immediately above the water table. The contractor shall collect soil samples with a split spoon sampler or other EPA approved sampler. The contractor shall analyze the soil samples for the parameters as specified in Table 1. Any borehole that tests positive for contamination may be converted to a monitoring well at the discretion of the base POC and FTL. All drilling augers and sampling equipment will be decontaminated using a steam cleaner and mild phosphate free detergent prior to drilling. All sampling equipment will be decontaminated prior to each sampling event. Two QA/QC samples shall be taken from the rinsewater following decontamination procedures. The samples shall be analyzed for the same parameters as the soil samples. 1.4.15.2 Sealing Boreholes. The contractor shall tremie grout the borehole to the surface with a bentonite/cement slurry. The contractor shall reseal the boreholes to preclude future migration of contaminants (if present). 1.4.15.3 Marking Borehole Locations. The contractor shall permanently mark each soil boring location or record the location on a project map for each specific site or zone, whichever is applicable. The contractor shall include a project map in the Tank Closure Report. 1.4.15.4 Monitoring Well Installation. The contractor shall convert boreholes into monitoring wells. The contractor shall drill the monitoring wells using hollow- stem auger techniques and installed in accordance with the applicable regulations. The contractor shall drill the wells in order to assess the aquifer for potential contamination. The contractor shall install a maximum of 18 20 wells not-to-exceed a total of 700 linear feet at a of depth of 35 feet per well. The contractor shall collect and analyze soil and/or water samples (including QA/QC samples) for parameters as specified in Table 1. Monitoring well installation protocol is described in the statements below. 1.4.15.5 Well Drilling. Drill all wells using a 10 1/2 inch hollow-stem auger. Avoid installing wells in depressions or areas subject to frequent flooding and standing water. If wells must be installed in such areas, the contractor shall design the wells to prevent standing water from leaking into the top of the casing or cascading down the annular space. All drilling augers and sampling equipment will be decontaminated using a steam cleaner and mild phosphate free detergent prior to drilling. All sampling equipment will be decontaminated prior to each sampling event. 1.4.15.6 Well Casing Requirements. The contractor shall construct each hallow well with a 4 inch PVC casing and shall use threaded screw-type joints only. Glued fittings are not permitted. The contractor shall flush-thread all connections. 1.4.15.7 Well depth. The contractor shall install wells five feet below the expected lowest water table as determined by the onsite hydrogeologist/ geologist. 1.4.15.8 Well Screening. The contractor shall screen each shallow well using PVC casing having up to 0.010 inch slots. Each well screen shall be a maximum of twenty five (25) feet in length. The contractor shall cap the bottom of the screen with a threaded PVC cap. The contractor shall screen all wells so as to collect light and dense non-aqueous phase liquids and to allow for yearly fluctuations of the water table. Once the casing is in place, the contractor shall install the sand/gravel pack. The sand/gravel pack will consist of washed and bagged rounded silica sand or gravel with a grain size distribution compatible with the screen and soil formation. The contractor shall place the pack from the bottom of the borehole to two (2) to three (3) feet above the top of the screen. A two foot bentonite seal (granular or pellets) will be placed above the sand/gravel pack. The contractor shall ensure that the bentonite forms a complete seal by hydrating the bentonite with a sufficient quantity of potable water. The contractor shall grout the remainder of the annulus to the land surface with a Type I Portland cement/bentonite slurry. 1.4.15.9 Well Completion. The contractor shall complete the well flush with the land surface. The contractor shall cut the casing two to three inches below land surface, and install a protective locking lid consisting of a cast iron valve box assembly. The contractor shall place the valve box in the center of the hole with the top just above the ground surface. The contractor shall place concrete around the annular space and sloped away from the valve box to divert drainage and provide a watertight compression casing cap to prevent infiltration of surface water. The contractor shall maintain clearance between the casing top and the bottom of the valve box. Clearly mark the well number on the valve box lid and well casing. The contractor shall provide locks for the well assemblies. The locks must either have identical keys or be keyed for opening with one master key. The contractor shall turn-over the lock keys to he base POC following completion of the field effort. 1.4.15.10 Well Development. The contractor shall develop each well in accordance regulatory requirements with a submersible pump, bailer, and/ or airlift method. The contractor shall continue well development until the discharge water is clear and free of sediment to the fullest extent possible as determined by the on-site hydrogeologist/geologist. The contractor shall measure the rate of water production, the pH, specific conductance, and water temperature during well development. The contractor shall drum, label, and transport all development water to Lot 513 on base for disposal by the base. 1.4.15.11 Water Level Measurements. The contractor shall survey and record local water head level to within 0.01 foot. The contractor shall measure water levels at all monitoring wells as feet below the top of casing elevation to the nearest 0.01 foot relative to surveyed water height. The contractor shall measure static water levels in wells prior to well development and before all well purging which precedes sampling events. 1.4.15.12 Borehole/Well Log. For each borehole/well, the contractor shall prepare a log showing stratigraphy changes of the drill cuttings and how the borehole/well was constructed. The contractor shall include logs in the Closure Report. 1.4.15.13 Precautions. The contractor shall consult with the base POC to properly position the boreholes/wells with respect to site locations, and to avoid underground utilities. The contractor shall refer to a utilities map, if available, before any drilling activities take place. Clearance must be granted the Kelly POC to obtain clearance prior to commencement of field activities. The Kelly POC shall obtain the digging permit. 1.4.15.14 Air Monitoring During Drilling. The contractor shall monitor the ambient air during all soil boring work with a photoionization meter or equivalent organic vapor detector to identify the generation of potentially hazardous and/or toxic vapors or gases. The contractor shall include air monitoring results in the boring logs. If soil encountered during borehole drilling or test pit work is suspected to be hazardous because of abnormal discoloration, odor or air monitoring levels, the contractor shall containerize the soil cuttings in drums, mark the drums with drilling location depth, and prepare a manifest for base documentation. The contractor shall enter into the boring logs the depth(s) for which suspected contaminated soil cuttings were collected. The contractor shall use containment methods during drilling to prevent the surface area from becoming contaminated. 1.4.15.15 Cleanup. The contractor shall handle all drill cuttings according to the procedures outlined in paragraph 1.4.10. Clean drill cuttings can be used at the discretion of the base POC. The contractor shall drum, label and transport drill cuttings determined to be hazardous waste based on analytical results to Lot 513 on base for disposal. 1.4.16 Closure Certification. The contractor shall provide professional engineer review and certification of the final partial facility closure in accordance with the closure plans developed. 1.4.17 UST Management Plan. The contractor shall review information and pertinent records on the UST systems or single tanks found at various sites. The contractor shall assess the current UST status and evaluate the USTs pursuant to regulatory requirements. The contractor shall present recommend- ations for compliance, scheduling, and costs. 1.4.18 Data Collection. The contractor shall collect all field information and analytical results associated with soil or groundwater sampling, soil boring, monitoring well installation, and soil organic vapor surveys so that this inform- ation can be loaded into the Installation Restoration Program Information Management System (IRPIMS) which is managed by the Air Force Center for Environmental Excellence (AFCEE). The contractor shall not be responsible for submitting the data to AFCEE. The contractor shall use the worksheets provided in Appendix D of the "Technical Specifications for Well Installation, Sampling and Analysis Procedures, and Data Management". The contractor shall complete the worksheets as specified in chapter 5 of the "Technical Specifications". 1.5 REPORTS, DATA AND OTHER DELIVERABLES 1.5.1 Work Plan. The contractor shall submit a work plan detailing site investigation within 15 days of the completion of the closure site assessments, the contractor shall submit a Work Plan detailing any further needed field investigative work. The contractor shall prepare a revised draft of the work plan to reflect all additional activities. The contractor shall secure approval on the work plan from both the AL and Kelly AFB POCs before proceeding with the work effort. If additional site investigation work is necessary, the Health and Safety Plan will include contingencies for such activities. 1.5.2 Health and Safety Plan. The contractor shall submit for review and approval a Health and Safety Plan (HSP) one week prior to initiation of site activities. No notice to proceed with the remaining work shall not be issued until the HSP has been approved by the Kelly AFB point-of-contact (POC). A site-specific HSP shall identify the health and safety procedures required to minimize potential risk to all contractor and subcontractor employees at the work sites. The contractor shall establish a field team leader (FTL) that will be responsible for all field activities conducted and shall be on site during all field work. The FTL will have completed 40 hours of Hazardous Waste Site Health and Safety Training as required by OSHA (29 CFR 1910.120(f) ) and will monitor the site conditions during all phases of the field work for the risk of exposure of all contractor and subcontractor employees at the work site. At any time during the field activities, should the site conditions warrant evacuation, it shall be the responsibility of the FTL to evacuate all personnel on site and notify the proper entities on base of the situation as soon as possible. 1.5.3 SWMU and PST Closure Assessment/Closure Procedure Schedule. The contractor shall give a closure site assessment and partial facility closure plan development and implementation schedule to the project officer and Kelly POC at the kick-off meeting as described in 1.6.1. This schedule may be subject to change as needed and shall be coordinated through the project officer and the KAFB POC. 1.5.4 Closure Plans and Reports. 1.5.4.1 SWMU Partial Facility Closure Plans. The contractor shall submit a partial facility closure plan for each SWMU indicated in this SOW. The closure plans shall be reviewed and approved by the Kelly POC prior to submitting them to TNRCC and conducting the closure process. 1.5.4.2 PST Closure Report. The contractor shall submit a closure report for each PST indicated in Table 2. The closure report will be reviewed and approved by the Kelly POC prior to submitting the closure report to TNRCC. 1.5.5 UST Management Plan. The contractor shall prepare and submit a UST Management Plan for the UST systems or single USTs on base. The Plan shall contain the elements detailed in Paragraph 1.4.18. 1.6 MISCELLANEOUS REQUIREMENTS 1.6.1 Kick-Off Meeting. A kick-off meeting between Kelly AFB and the contractor will take place within 10 days of the notice to proceed being received by the contractor. This meeting will take place at Kelly AFB. 1.6.2 Notices. The contractor shall not submit reports/plans to TWC. The KAFB Project Manager will submit all necessary reports/plans to TWC. II. SITE LOCATIONS Bldgs 351, 645, 3016, 3786, 3794, 333, 347, 348, and 1655 Kelly AFB, Texas III. BASE SUPPORT NONE IV. GOVERNMENT FURNISHED PROPERTY NONE V. GOVERNMENT POINTS OF CONTACT 5.1 ARMSTRONG LABORATORY (AL) PROJECT OFFICER MSgt Mark Bishop AL/OEBQ 2402 E Drive Brooks AFB TX 78235 5114 DSN: 240-3305 FAX 240-3945 COM: (210) 536-3305 FAX (210) 536-3945 5.2 KELLY AFB POINT OF CONTACT (POC) Don Ficklen SA ALC/EMRO 412 Pearson Ave, Bldg 3772 Kelly AFB, TX 78241 6558 DSN: 945-1812/13 FAX 945-1814 COM: (210) 925 1812 FAX: (210) 925 1814 VI. DELIVERABLES 6.1 Documents. Documents. In addition to sequence numbers 1 and 5 listed to attachment 1 to the basic contract, which apply to all orders, the sequence numbers and dates below are applicable to this order: PRIVATE Seq No. Para Block 10 Block 11 Block 12 Block 13 Block 14 4 HSP 1.5.2 OTIME 29DAC 30DAC NA * 4 Work Plan 1.5.1 ONE/R 29DAC 30DAC 210DAC * 4 UST/SWMU/PST ClosureAssmt Closure Proc Schedule 1.5.3 ONE/R 59DAC 60DAC 125DAC * 4 SWMU Partial Facil. Closure Plan 1.5.4 ONE/R 124DAC 125DAC 155DAC * 4 UST Mgt Plan 1.5.5 OTIME 178DAC 180DAC 215DAC ** 4 PST Closure Report 1.5.4.2 ONE/R 184DAC 185DAC 215DAC ** 4 Data Collect IRPIMS Worksheets 1.4.18 ONE/R 30DAC 35DAC 50DAC *** * Two copies (1 to Kelly POC and 1 to AL POC) are required. ** Three draft copies (2 to Kelly POC and 1 to AL POC) and Six final copies (4 to Kelly POC and 1 to AL POC, including camera-ready copy to AL) are required. The contractor shall enclose a completed Standard Form 298, Report Documentation Page, at the beginning of the report. Government POCs shall have 10 days to review draft plans. The contractor shall enclose a completed Standard Form 298, Report Documentation Page, at the beginning of the report. *** Four copies (3 to Kelly POC and 1 to AL POC) are required. TABLE 1 Summary of Laboratory Analysis PRIVATE Parameter Analytical Method Total Volatile Organic Compounds SW8240 72 223 Semi-Volatile Organic Compounds SW3550/8270 66 217 Total Petroleum Hydrocarbons E418.1 112 317 BTEX SW8920 66 120 Arsenic SW3050/7060 2 Lead (Total) SW3050/6010 40 Chromium (Total) SW3050/6010 2 Cadmium (Total) SW3050/6010 2 ICP Metals (23 Metals, Total, Recoverable, Dissolved) SW3050/6010 66 217 Total Organic Halogens (TOX) SW9020 66 217 Ignitibility SW1010 23 85 Corrosivity SW1110/9040 23 85 Reactivity SW846, chapt 7 23 85 Toxicity Characteristic Leachate Procedure (Metals) SW1311 23 85 Volatile Organic Compounds SW824 25 54 Semi-Volatile Organic Compounds SW3550/8270 17 38 Total Petroleum Hydrocarbons E418.1 23 44 BTEX SW8020 6 8 Lead (Total) SW3050/6010 6 8 Chromium (Total) SW3050/60100 Cadmium (Total) SW3050/60100 ICP metals (23 Metals, Total, Recoverable, Dissolved) SW3050/6010 17 38 Total Organic Halogens (TOX) SW9020 17 38 TOTAL SAMPLES 697 1,925 PRIVATE TABLE 2: BACKGROUND SUMMARY OF SWMUs AND PSTs BLDG NO. TANK CAPACITY (GAL) SUSPECTED CONTAMINATE INSTALL DATE INACTIVE DATE CONSTRUCTION MATERIAL NOTICE OF REGISTRA-TION SWMU, PST or 351 5,000 Petroleum Distillate 1940's 1991 Steel. No visible secondary containment or cathodic protection No SWMU 645 500 Petroleum Distillate 1978 1992 Same as above Yes No. 32 SWMU 3016 500 Waste Petroleum Materials 1940's 1991 Same as above No PST 3794 1,000 Waste Petroleum Materials 1973 1991 Same as above Yes No. 49 SWMU 3786 500 Petroleum Materials 1964 Unknown Same as above No PST 3332 Tanks 6,000 6,000 New & Spent Calibration Fluid 1978 Unknown Steel with cathodidc protection Yes No. 41 SWMU 3475 Tanks 2-500 1-265 1-3,000 1-6,000 New & Spent Calibration Fluid and Used Oil 1950, 1974 Unknown Same as above Yes No. 28 SWMU 3482 Tanks 6,000 6,000 New & Spent Petroleum Distillate 1980 Unknown Fiberglass Yes No. 29 SWMU 1655 2 Tanks 12,000 12,000 Spent Calibration Fluid 1978 Active Fiberglass Yes No. 247 SWMU ***** 137.242.1.0 : Request timed out 137.242.1.1 : Request timed out 137.242.1.2 : Request timed out 137.242.1.3 : Request timed out 137.242.1.4 : Request timed out 137.242.1.5 : Request timed out 137.242.1.6 : Request timed out 137.242.1.7 : Request timed out 137.242.1.8 : Answered in 342 msecs 137.242.1.9 : Answered in 300 msecs 137.242.1.10 : Answered in 348 msecs 137.242.1.11 : Answered in 300 msecs 137.242.1.12 : Request timed out 137.242.1.13 : Answered in 393 msecs 137.242.1.14 : Answered in 348 msecs 137.242.1.15 : Answered in 348 msecs 137.242.1.16 : Request timed out 137.242.1.17 : Request timed out 137.242.1.18 : Request timed out 137.242.1.19 : Request timed out 137.242.1.20 : Answered in 404 msecs 137.242.1.21 : Request timed out 137.242.1.22 : Request timed out 137.242.1.23 : Request timed out 137.242.1.24 : Request timed out 137.242.1.25 : Request timed out 137.242.1.26 : Request timed out 137.242.1.27 : Request timed out 137.242.1.28 : Request timed out 137.242.1.29 : Request timed out 137.242.1.30 : Request timed out Active servers for Kelly AFB * http://afbcaem.kelly.af.mil * ftp://afcert.kelly.af.mil * http://afpki.kelly.af.mil * ftp://kellyftp.kelly.af.mil * http://kelsatx1.kelly.af.mil * http://kelsatx2.kelly.af.mil * http://kelsatx3.kelly.af.mil * http://www.kelly.af.mil 137.242.1.8 kelsatx1.kelly.af.mil 137.242.1.9 kelsatx3.kelly.af.mil 137.242.1.11 kelsatx2.kelly.af.mil 137.242.1.12 webtest1.kelly.af.mil 137.242.1.13 www.kelly.af.mil 137.242.1.14 afpki.kelly.af.mil 137.242.1.15 afbcaem.kelly.af.mil 137.242.1.16 kelsatx8.kelly.af.mil 137.242.1.17 afiwcweb.kelly.af.mil 137.242.1.18 afiwcmil.kelly.af.mil 137.242.1.20 kellyftp.kelly.af.mil 137.242.1.22 kelsatxpr.kelly.af.mil 137.242.1.24 atspgm-public.kelly.af.mil 137.242.1.25 bratsrv.kelly.af.mil 137.242.1.26 atspgm.kelly.af.mil 137.242.1.27 atspgm-mil.kelly.af.mil 137.242.1.50 kelsatxp1.kelly.af.mil 137.242.1.51 kelsatxp2.kelly.af.mil 137.242.1.67 aiaras67.kelly.af.mil 137.242.1.68 aiaras68.kelly.af.mil 137.242.1.69 aiaras69.kelly.af.mil 137.242.1.70 aiaras70.kelly.af.mil 137.242.1.71 aiaras71.kelly.af.mil 137.242.1.72 aiaras72.kelly.af.mil 137.242.1.73 aiaras73.kelly.af.mil 137.242.1.74 aiaras74.kelly.af.mil 137.242.1.75 aiaras75.kelly.af.mil 137.242.1.76 aiaras76.kelly.af.mil 137.242.1.77 aiaras77.kelly.af.mil 137.242.1.78 aiaras78.kelly.af.mil 137.242.1.79 aiaras79.kelly.af.mil 137.242.1.80 aiaras80.kelly.af.mil 137.242.1.81 aiaras81.kelly.af.mil 137.242.1.82 aiaras82.kelly.af.mil 137.242.1.83 aiaras83.kelly.af.mil 137.242.1.84 aiaras84.kelly.af.mil 137.242.1.85 aiaras85.kelly.af.mil 137.242.1.86 aiaras86.kelly.af.mil 137.242.1.87 aiaras87.kelly.af.mil 137.242.1.88 aiaras88.kelly.af.mil 137.242.1.89 aiaras89.kelly.af.mil 137.242.1.90 aiaras90.kelly.af.mil 137.242.1.91 aiaras91.kelly.af.mil 137.242.1.92 aiaras92.kelly.af.mil 137.242.1.93 aiaras93.kelly.af.mil 137.242.1.94 aiaras94.kelly.af.mil 137.242.1.95 aiaras95.kelly.af.mil 137.242.1.96 aiaras96.kelly.af.mil 137.242.1.97 aiaras97.kelly.af.mil 137.242.1.101 kellyras101.kelly.af.mil 137.242.1.102 kellyras102.kelly.af.mil 137.242.1.103 kellyras103.kelly.af.mil 137.242.1.104 kellyras104.kelly.af.mil 137.242.1.105 kellyras105.kelly.af.mil 137.242.1.106 kellyras106.kelly.af.mil 137.242.1.107 kellyras107.kelly.af.mil 137.242.1.108 kellyras108.kelly.af.mil 137.242.1.109 kellyras109.kelly.af.mil 137.242.1.110 kellyras110.kelly.af.mil 137.242.1.111 kellyras111.kelly.af.mil 137.242.1.112 kellyras112.kelly.af.mil 137.242.1.113 kellyras113.kelly.af.mil 137.242.1.114 kellyras114.kelly.af.mil 137.242.1.115 kellyras115.kelly.af.mil 137.242.1.116 kellyras116.kelly.af.mil 137.242.1.117 kellyras117.kelly.af.mil 137.242.1.118 kellyras118.kelly.af.mil 137.242.1.119 kellyras119.kelly.af.mil 137.242.1.120 kellyras120.kelly.af.mil 137.242.1.121 kellyras121.kelly.af.mil 137.242.1.122 kellyras122.kelly.af.mil 137.242.1.123 kellyras123.kelly.af.mil 137.242.1.124 kellyras124.kelly.af.mil 137.242.1.125 kellyras125.kelly.af.mil 137.242.1.126 kellyras126.kelly.af.mil 137.242.1.127 kellyras127.kelly.af.mil 137.242.1.128 kellyras128.kelly.af.mil 137.242.1.129 kellyras129.kelly.af.mil 137.242.1.130 kellyras130.kelly.af.mil 137.242.1.131 kellyras131.kelly.af.mil 137.242.1.132 kellyras132.kelly.af.mil 137.242.1.133 kellyras133.kelly.af.mil 137.242.1.134 kellyras134.kelly.af.mil 137.242.1.135 kellyras135.kelly.af.mil 137.242.1.136 kellyras136.kelly.af.mil 137.242.1.137 kellyras137.kelly.af.mil 137.242.1.138 kellyras138.kelly.af.mil 137.242.1.139 kellyras139.kelly.af.mil 137.242.1.140 kellyras140.kelly.af.mil 137.242.1.141 kellyras141.kelly.af.mil 137.242.1.142 kellyras142.kelly.af.mil 137.242.1.143 kellyras143.kelly.af.mil 137.242.1.144 kellyras144.kelly.af.mil 137.242.1.145 kellyras145.kelly.af.mil 137.242.1.146 kellyras146.kelly.af.mil 137.242.1.147 kellyras147.kelly.af.mil 137.242.1.148 kellyras148.kelly.af.mil 137.242.1.149 kellyras149.kelly.af.mil 137.242.1.150 kellyras150.kelly.af.mil 137.242.1.151 kellyras151.kelly.af.mil 137.242.1.152 kellyras152.kelly.af.mil 137.242.1.153 kellyras153.kelly.af.mil 137.242.1.154 kellyras154.kelly.af.mil 137.242.1.155 kellyras155.kelly.af.mil 137.242.1.156 kellyras156.kelly.af.mil 137.242.1.157 kellyras157.kelly.af.mil 137.242.1.158 kellyras158.kelly.af.mil 137.242.1.159 kellyras159.kelly.af.mil 137.242.1.160 kellyras160.kelly.af.mil 137.242.1.161 kellyras161.kelly.af.mil 137.242.1.162 kellyras162.kelly.af.mil 137.242.1.163 kellyras163.kelly.af.mil 137.242.1.164 kellyras164.kelly.af.mil 137.242.1.165 kellyras165.kelly.af.mil 137.242.1.166 kellyras166.kelly.af.mil 137.242.1.167 kellyras167.kelly.af.mil 137.242.1.168 kellyras168.kelly.af.mil 137.242.1.169 kellyras169.kelly.af.mil 137.242.1.170 kellyras170.kelly.af.mil 137.242.1.171 kellyras171.kelly.af.mil 137.242.1.172 kellyras172.kelly.af.mil 137.242.1.173 kellyras173.kelly.af.mil 137.242.1.174 kellyras174.kelly.af.mil 137.242.1.175 kellyras175.kelly.af.mil 137.242.1.176 kellyras176.kelly.af.mil 137.242.1.177 kellyras177.kelly.af.mil 137.242.1.178 kellyras178.kelly.af.mil 137.242.1.179 kellyras179.kelly.af.mil 137.242.1.180 kellyras180.kelly.af.mil 137.242.1.181 kellyras181.kelly.af.mil 137.242.1.182 kellyras182.kelly.af.mil 137.242.1.183 kellyras183.kelly.af.mil 137.242.1.184 kellyras184.kelly.af.mil 137.242.1.185 kellyras185.kelly.af.mil 137.242.1.186 kellyras186.kelly.af.mil 137.242.1.187 kellyras187.kelly.af.mil 137.242.1.188 kellyras188.kelly.af.mil 137.242.1.189 kellyras189.kelly.af.mil 137.242.1.190 kellyras190.kelly.af.mil 137.242.1.191 kellyras191.kelly.af.mil 137.242.1.192 kellyras192.kelly.af.mil 137.242.1.193 kellyras193.kelly.af.mil 137.242.1.194 kellyras194.kelly.af.mil 137.242.1.195 kellyras195.kelly.af.mil 137.242.1.196 kellyras196.kelly.af.mil 137.242.1.199 cits-dns1.kelly.af.mil 137.242.1.200 fsmbpb08.kelly.af.mil 137.242.1.201 sagate1.kelly.af.mil 137.242.1.202 sagate2.kelly.af.mil 137.242.1.203 kelsatx9.kelly.af.mil 137.242.1.204 kellyavgate.kelly.af.mil 137.242.1.205 sagate5.kelly.af.mil 137.242.1.207 kellypub.kelly.af.mil 137.242.1.208 empub.kelly.af.mil 137.242.1.209 pkpub.kelly.af.mil 137.242.1.210 sfpub.kelly.af.mil 137.242.1.211 papub.kelly.af.mil 137.242.1.212 svpub.kelly.af.mil 137.242.1.213 tipub.kelly.af.mil 137.242.1.214 ldpub.kelly.af.mil 137.242.1.215 vcspmo.kelly.af.mil 137.242.1.216 dppub.kelly.af.mil 137.242.1.227 teltest.kelly.af.mil 137.242.1.253 testip.kelly.af.mil 03-09-00 09:09AM 27836416 651MUNS.PST 03-09-00 09:10AM 10158080 DAVID.WORK.PST 03-09-00 09:12AM 155533312 DROBERTS.PST 03-09-00 09:13AM 25870336 EBUSTLE.PST 03-09-00 09:14AM 42467328 IBASINGER.PST 03-09-00 09:14AM 38502400 JREAVIS.PST 03-09-00 09:39AM 2179072 JRYAN.pst 03-09-00 09:39AM 35684352 JUAN.RIOS.PST 03-09-00 09:39AM 7094272 KDURCAN.PST 03-09-00 09:39AM 6078464 KHILL.PST 03-09-00 09:40AM 4538368 KHOLDERFIELD.PST 03-09-00 09:40AM 22511616 KIGLESIAS.PST 03-09-00 09:40AM 45989888 LGWP.PST 03-09-00 09:42AM 175751168 SCOTTB.PST 03-09-00 09:42AM 114688 TUTKO.PST 03-09-00 09:43AM 30703616 WILLIAMMA.PST HTTP Error 403 403.4 Forbidden: SSL required This error indicates that the page you are trying to access is secured with Secure Sockets Layer (SSL). In order to view it, you need to enable SSL by typing "https://" at the beginning of the address you are attempting to reach. This site supported by the DOD PKI. You must have a US High Encryption 128 bit browser to view the contents. Accessing this site with HTTPS may result in a number of messages if you have not already accepted the DOD PKI Root CA in your browser. Accept the defaults on each message screen until you enter the page. After entering the page go to USING-PKI, Trusting the DOD PKI Root and accept the DOD PKI Root certificate chain into your browser. If you receive an error similar to "This site and your browser do not share a common encyrption algorythm" then you do not have a 128 bit browser. Check to make sure you have a US High Encryption (128 bit) browser installed. If you still encounter problems, send an e-mail to the AFPKI Office. Please describe your problem and provide your contact information. Top of Personal Folders Search Root From: AFMC/CCC Generic Mailbox [mailto:HQAFMC.CCC@wpafb.af.mil] Sent: Monday, February 28, 2000 21:56 To: Barton, CMSgt Bruce; Brian, CMSgt Deborah; Bridges, Dave; Cleveland, Don; Czepiel, Len; Dickerson, Chuck; Edwards, Tom; Evans, Darlin; Hirons, Terry; Holmes, Frank; Johnson, Dan; Johnson, Tommy; Olesnevich, Edward; Schuster, Bill; Scott, Dean Cc: CCC1, HQ AFMC; CCC2, HQ AFMC; Alt, Jeffrey; Babcock, David; Babin, Mitch; Blanton, Patricia; Blizzard, Bernard; Bryan, Teresa; Butler, Alan; Davis, Marvin; Diaz, Debbra; Fedarko, John; Gendron, Michael; Golden, Tom; Grant, Richard; Gray, Tim; Hagmaier, Thomas; Healey, Deborah; Kasch, Valerie; Knighton, Gary; Larrymore, Brien; Marlette, Hans; Pype, Achiel; Reinsmoen, Neil; Russell, Linda; Sandoval, Edward; Seeloff, Jeffrey; Seiler, William; Smith, Gregory; Trudics, David; Whorton, David; Williams, Christopher; Bastaich, Paul; Davis, Gary; Defibaugh, Brian; Henson, David; Jungling, Scott; Lesieur, Dexter; Ramirez, Eduardo; Thompson, Gerry; VanBuren, MSgt Regina; Woods, Perry Subject: FW: Deployment Medical Records (00-105) Hello all! Below TRICARE article for your info, use, and dissemination. Thanks. Chief Mazza -----Original Message----- From: Milton Bell [mailto:mbell@csdmail.medcom.amedd.army.mil] Sent: Monday, February 28, 2000 3:34 PM To: Tricare_news List Member Subject: [Tricare_news] DoD Works to Improve Deployment Medical Record Keeping {01} By Staff Sgt. Kathleen T. Rhem, USA American Forces Press Service WASHINGTON, Feb. 28, 2000 -- DoD officials are taking steps to ensure service members' health is evaluated before and after deployments and that individual medical concerns are properly addressed. Navy Capt. David H. Trump recently explained the relatively new requirement for standard pre- and post-deployment health assessments to a group of military medical professionals. The group was meeting here Jan. 31-Feb. 3 for the 2000 TRICARE Conference. Trump is the program director for preventive medicine and surveillance in the Office of the Assistant Secretary of Defense for Health Affairs. The fiscal 1998 Defense Authorization Act mandated the assessments. "The secretary of defense was directed to implement a medical tracking system for military members deployed overseas," Trump said. The system was to include data on immunizations and "health events that occurred in theater, to include healthcare encounters and environmental exposures," he said. In May 1999, two standard DoD forms grew out of this requirement -- DD Form 2795, pre-deployment health assessment, and DD Form 2796, post-deployment health assessment. Trump explained the two forms must be filled out before and after all deployments of more than 30 days to "a place that doesn't have a fixed medical treatment facility." Each form is a questionnaire that allows service members to record information about their general health and to share any concerns they may have. The pre-deployment assessment asks such questions as: Do you have any medical or dental problems? Do you have a 90- day supply of your prescription medication or birth control pills? During the past year, have you sought counseling or care for your mental health? The post-deployment assessment asks questions relating to deployment experiences. Some examples: Do you have any unresolved medical or dental problems that developed during this deployment? Do you have concerns about possible exposures or events during this deployment that you feel may effect your health? Both forms provide for follow-up care or specialty referrals if necessary. Once completed and signed by both the service member and the healthcare provider, one copy of the form is filed in the individual's medical record and the other is forwarded to the Defense Medical Surveillance System. DoD had been taking steps in that direction before receiving direction from Congress, Trump said. He explained that the need for pre- and post-deployment health screenings became apparent following the Gulf War. "In many cases, the health screenings that were done as part of mobilization processing weren't recorded in the individual's medical record," he said. "And probably more problematic, many times medical assessments were not done on return from deployment." This was particularly a problem for Guard and Reserve members, many of whom were separated from military service without ever receiving a pre-separation physical. "This caused many problems for them when they went to seek care from [the Department of] Veterans Affairs," Trump said. He described the assessments as an easy step with the potential to help a lot of people in the long run. "This is not rocket science. This is not a research study," he said. "It really is just a way to document that people had the opportunity to list their concerns and that a clinical assessment has been made. "It's just a way of making sure we provide the commander in chief with a fit and healthy force," he said. ##END## ----------------------------------------------------------------------- Send TRICARE related questions to: QUESTIONS@TMA.OSD.MIL To be automatically removed from this mailing list, send a message to TRICARE-OFF@CSDMAIL.MEDCOM.AMEDD.ARMY.MIL (leave subject and body blank). To be automatically added to this mailing list, send a message to TRICARE-ON@CSDMAIL.MEDCOM.AMEDD.ARMY.MIL (leave subject and body blank). Report mailing list problems to: POSTMASTER@CSDMAIL.MEDCOM.AMEDD.ARMY.MIL ----------------------------------------------------------------------- From: AFMC/CCC Generic Mailbox [mailto:HQAFMC.CCC@wpafb.af.mil] Sent: Monday, February 28, 2000 22:00 To: Barton, CMSgt Bruce; Brian, CMSgt Deborah; Bridges, Dave; Cleveland, Don; Czepiel, Len; Dickerson, Chuck; Edwards, Tom; Evans, Darlin; Hirons, Terry; Holmes, Frank; Johnson, Dan; Johnson, Tommy; Olesnevich, Edward; Schuster, Bill; Scott, Dean Cc: CCC1, HQ AFMC; CCC2, HQ AFMC; Bastaich, Paul; Davis, Gary; Defibaugh, Brian; Henson, David; Jungling, Scott; Lesieur, Dexter; Ramirez, Eduardo; Thompson, Gerry; VanBuren, MSgt Regina; Woods, Perry; Alt, Jeffrey; Babcock, David; Babin, Mitch; Blanton, Patricia; Blizzard, Bernard; Bryan, Teresa; Butler, Alan; Davis, Marvin; Diaz, Debbra; Fedarko, John; Gendron, Michael; Golden, Tom; Grant, Richard; Gray, Tim; Hagmaier, Thomas; Healey, Deborah; Kasch, Valerie; Knighton, Gary; Larrymore, Brien; Marlette, Hans; Pype, Achiel; Reinsmoen, Neil; Russell, Linda; Sandoval, Edward; Seeloff, Jeffrey; Seiler, William; Smith, Gregory; Trudics, David; Whorton, David; Williams, Christopher Subject: FW: New TRICARE Emergency Care Guidelines (00-106) Importance: Low Hello all! Excellent TRICARE information below for your info, use, and wide dissemination. Thanks. Chief Mazza -----Original Message----- From: Rich, Dawn, CMSgt, AF/CCC [mailto:Dawn.Rich@pentagon.af.mil] Sent: Monday, February 28, 2000 5:04 PM To: CMSgt Billy Blackburn, AFRC/CCC; CMSgt David Hill, AIA/CCC; CMSgt Gary Broadbent, NGB/CCC; CMSgt Joseph Markin, USSTRATCOM/CCC; CMSgt Ken Casey, USAFE/CCC; CMSgt Ken Hair, AETC/CCC; CMSgt Kenneth Van Holbeck, AMC/CCC; CMSgt Kevin Estrem, AFSPC/CCC; CMSgt Larry Palmer, 11Wing/CCC; CMSgt Marc Mazza, AFMC/CCC; CMSgt Mike Myers, USAFA/CCC; CMSgt Mike Reynolds, AFSOC/CCC; CMSgt Ray Carter, AFOSI/CCC; CMSgt Ron Crowl, PACAF/CCC Cc: Anthony Patterson; Frederick Finch; Rhonda Pelkey; Smith, Mark, SMSgt, AF/CCC; (11 WG) MSgt Anthony Twitty; (ACC) MSgt Sherry Ensor; (AFMC) MSgt Vivian Graham; (AFOSI) SrA Jamie Smith; (AFRC) MSgt Kim Schueler; (AFSOC) TSgt Norm Dykes; (AFSPC) TSgt Shirley DeMagistris; (AIA) MSgt Faye Johnson; (AMC) TSgt Patty Woodham; (NGB) SMSgt Malcolm Jones; (PACAF) TSgt Jeff Klausing; (USAFA) SSgt Janette Torres; (USAFE) SMSgt Maria Forehand; (USSTRATCOM) TSgt Eric Hittner Subject: FW: New TRICARE Emergency Care Guidelines Importance: Low FYI. CMSgt Rich For Immediate Release February 2000 Contact: Dan Smith New TRICARE Emergency Care Guidelines Most people don't think about planning for emergencies, but in the event a serious injury or illness strikes, it is good to know that TRICARE will be there to help. A recent TRICARE policy change incorporates the Prudent Layperson Standard into the emergency care definition. This means that someone with average knowledge of health and medicine could reasonably expect that the absence of medical attention would result in placing a person's health in serious jeopardy, serious impairment to bodily functions or serious dysfunction of any bodily organ or part. According to this definition, if you or a family member believe you have an emergency situation, TRICARE will cover the costs. An emergency is defined as a sudden and unexpected medical condition, or the worsening of a condition, which poses a threat to life, limb or sight, and requires immediate treatment; or a sudden, extremely painful condition which requires immediate treatment to alleviate suffering. Conditions which require emergency care could include loss of consciousness, shortness of breath, chest pain, uncontrolled bleeding, poisoning, suicide attempts, drug overdose, and major depression. If you need emergency care, go directly to the emergency room at the nearest hospital, or dial 911. If you are enrolled in Prime and you access emergency care, be sure that you or a family member notifies the Health Care Finder (HCF) within 24 hours, by calling (800) 406-2832, Option 4. It is also a good idea to notify your Primary Care Manager (PCM), so that he/she can arrange for appropriate follow up care. For more information about what constitutes an emergency, visit your local Beneficiary Services Representative (BSR) at the TRICARE Service Center nearest you. You may also call (800) 406-2832, Option #3. For More Information -- Please Contact Your Local TRICARE Service Center , Alan Moynihan , ANTHONY JOHNSON , Anthony Walker , Antonio Lopez , Autumn Pressley , Bertram Rice , BILL STEWART , BLAINE CAPPEL , BOABDIL PEREZ-CABAN , Bradley Coffman , Carlos Ortiz , CARY ROSSON , Celethia Deans , Chad Pillsbury , CHRIS OHLEMACHER , CYNTHIA ALGUESEVA , Cynthia Daniel , DANIEL TESTER , Darrell Hankins , DAVID MORRIS , DAWN LUKSIK , DEBBIE MEYERS , Dennis Bubla , Diane Lawson , Donald McKinstry , EDDIE MEZA , FERNANDO CHACON , FRED KENT , GARY BALLARD , GERALD MILLER , GREG GOODRICH , Harry Allen , JAMES DEMPSEY , JAMES SIMMONS , JEFFRY BRINLEY , Joe Miley , JOHN REILAND , John Segura , JOSEPH KASPER , LANCE SMITH , Larry Riggs , Lee Powe , Luisa Salazar , MALISSA TORRES , MARJORIE JONES , MARK TRAINOR , MELISSA POOLE , Michael Colby , MICHAEL VANCE , Michelle Latham , MSgt Puckett , MSgt Ryan , Paul Meuer , Raul Orosco , RAY SANCHEZ , Ricardo Gamundi , Richard Beshears , RICHARD JOHNSEN , Richard Mumford , Richard Scott , RICHARD WEBSTER , Robert Altmaier , Robert Garcia , Robert Hamilton , Robert Yarborough , ROLANDO GUERRA , Ronald Glisson , RUBEN PEREZ , Sammy Tate , Sgt Buchanon , SHERRY HOOG , Shirley Snooks , Terrance Wolberg , THOMAS SCHWENNESEN , TSgt Fregy , Vivian Reed , William Singleton , YOLANDA ENRIQUEZ , ALAN BOEDEKER , ALTON KIMBER , BETTY TATUM , Christopher Tota , DEBRA KASPER , DONALD CLINK , EDWIN PELAW , ELAINE STUART , GEORGE PEREZ , GONZALO PALOS , JEFFREY MELLENTHIN , JOHN CASTRO , Karl Rudorf , MONICA ROSEBORO , ROBERT GRACE , Steven Perez , THOMAS ROBINSON _/_/ _/_/_/_/ _/_/_/ _/_/_/_/ _/_/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/ _/ _/_/_/ _/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/ _/_/_/_/ _/ _/ _/ AIR FORCE COMPUTER EMERGENCY RESPONSE TEAM IP BULLETIN 00-0098 29 Feb 00 - 1400Z DO NOT REDISTRIBUTE OUTSIDE OF DOD CHANNELS WITHOUT EXPRESS PERMISSION FROM THE AFCERT Subject: AFCERT IP Bulletin for 28 - 29 Feb 2000 EXECUTIVE SUMMARY: This message contains new and updated AFCERT initiated IP blocks. Each of the following actions was taken due to AFCERT probing thresholds being met and appropriate blocking actions being initiated. A probe should be considered a precursor to further activity. Information has been passed to appropriate intellegince organizations to determine if heightened awareness in the I&W system is warranted. 1. Each blocking action contains: Source IP and resolution, Blocked IP/Domain, Source Registration, Type of Probe, associated AFCERT Suspicious Event Report (SER), Start Date of the Probe, and a recommended blocking action removal date. A. SOURCE IP: 208.32.10.161 (unknown.host.domain) BLOCKED IP/DOMAIN: 208.32.10.161 SOURCE REGISTRATION: intervu San Diego, California TYPE OF PROBE: sunrpc SER: 2000-1001 START DATE: 28 Feb 00 BLOCK REMOVAL: 29 Mar 00 B. SOURCE IP: 212.129.5.49 (dyn-212-129-5-49.paris.none.net) BLOCKED IP/DOMAIN: 212.129.5.49 SOURCE REGISTRATION: None Networks Paris, France TYPE OF PROBE: FTP SER: 2000-1003 START DATE: 28 Feb 00 BLOCK REMOVAL: 29 Mar 00 C. SOURCE IP: 208.129.15.130 (mail.maaa.org) BLOCKED IP/DOMAIN: 208.129.15.130 SOURCE REGISTRATION: Samuel U. Rodgers Community Health Centers Kansas City, Missouri TYPE OF PROBE: Multi-service SER: 2000-1006 START DATE: 28 Feb 00 BLOCK REMOVAL: 29 Mar 00 D. SOURCE IP: 206.173.173.246 (ts025d42.lap-ca.concentric.net) BLOCKED IP/DOMAIN: 206.173.173.0 SOURCE REGISTRATION: Concentric Network Corporation Los Angeles, California TYPE OF PROBE: Multi-service SER: 2000-1019 START DATE: 29 Feb 00 BLOCK REMOVAL: 30 Mar 00 The AFCERT contacted the Air Force Internet Control Center (AFINCC) and had the source IPs or domains blocked at AFINCC controlled routers. If your location has other access routes to the Internet, request you initiate similary blocking actions at the local level. AFCERT will coordinate with the AFINCC to discontinue blocking actions on AFIN controlled routers. Local blocking actions may be removed in accordance with the dates listed above. 2. Blocking action change and updates: None 3. AFCERT action should not be construed as evidence of a belief that any particular person or entity associated with the IP is a witting participant in the intrusion activity. If you are not part of the Air Force community, please contact your agency's response team to report incidents. Other teams include DISA-ASSIST team, Army's ACERT, Navy's NAVCIRT, DARPA's CERT/CC, DOE's CIAC, and NASA's NASIRC. Your agency's team will coordinate with the AFCERT. 4. AFCERT Advisories, Bulletins, and Virus Notifications, ASSIST Bulletins, The DoD Anti-Viral product and other security tools are available on our anonymous ftp server. ********************************************************************* * DO NOT REDISTRIBUTE BEYOND THE DOD AND DOD CONTRACTUAL * * SUPPORT COMMUNITIES OR EDIT THIS DOCUMENT IN ANY WAY * * UNLESS AFCERT GRANTS EXPRESS PERMISSION TO DO SO. * * DISSEMINATE AND MAINTAIN ONLY ON DOD CONTROLLED COMPUTER * * NETWORKS. * * * * THE DOD AND DOD CONTRACTUAL SUPPORT COMMUNITIES INCLUDE * * INDIVIDUALS WITHIN THE DOD COMMUNITY OR OPERATING IN SUPPORT * * OF A DOD CONTRACT, GRANT, OR INTER-AGENCY AGREEMENT. * * * * QUESTIONS REGARDING THIS DOCUMENT OR REQUESTS FOR PERMISSION * * TO EDIT OR REDISTRIBUTE SHOULD BE DIRECTED TO AFCERT USING * * ONE OF THE METHODS LISTED BELOW: * * * * AFIWC/EAA DSN: 969-3157 * * 102 HALL BLVD STE 215 COML: (210)977-3157 * * SAN ANTONIO TX 78243-7013 HOTLINE: 1(800)854-0187 * * * * E-MAIL: AFCERT@AFCERT.KELLY.AF.MIL UNCLAS FAX: DSN 969-3632 * * FTP - FTP://AFCERT.KELLY.AF.MIL SECURE FAX: DSN 969-3633 * * WEB - HTTP://AFCERT.KELLY.AF.MIL IP ADDRESS: 137.242.142.199 * ********************************************************************* -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv (deleted) SSMTP:DONALD.SCHONE@LANGLEY.AF.MIL XWA FV00220224000009456111FV64344Z MCGREGOR RANGE ASP FORT BLISS TXHCRL C3C79916 022300RUVKRIS314800N1062500 WANG D DFBLDG 9903 MCGREGOR RAN 204 SFS 1733 PLEASONTON RD XWA FV00220224000009456113EZ15161MF44BOEING AIRCRAFT/MISSST CHARLES MO 69 633018331 022300ZZZZZZZ000000N0000000W AFMC HWY 9 N AND HARPOON D XWA FV00210224000009456111FV64344Z MCGREGOR RANGE ASP FORT BLISS TXHCRL C3C79916 022300RUVKRIS314800N1062500W ANG D DFBLDG 9903 MCGREGOR RAN 204 SFS 1733 PLEASONTON RD XWA FV00210224000009456113EZ15161MF44BOEING AIRCRAFT/MISSST CHARLES MO 69 633018331 022300ZZZZZZZ000000N0000000W AFMC HWY 9 N AND HARPOON D XWA FV00190224000009456111FV64344Z MCGREGOR RANGE ASP FORT BLISS TXHCRL C3C79916 022300RUVKRIS314800N1062500W ANG D DFBLDG 9903 MCGREGOR RAN 204 SFS 1733 PLEASONTON RD XWA FV00190224000009456113EZ15161MF44BOEING AIRCRAFT/MISSST CHARLES MO 69 633018331 022300ZZZZZZZ000000N0000000W AFMC HWY 9 N AND HARPOON D XWA FV00180224000009456111FV64344Z MCGREGOR RANGE ASP FORT BLISS TXHCRL C3C79916 022300RUVKRIS314800N1062500W ANG D DFBLDG 9903 MCGREGOR RAN 204 SFS 1733 PLEASONTON RD XWA FV00180224000009456113EZ15161MF44BOEING AIRCRAFT/MISSST CHARLES MO 69 633018331 022300ZZZZZZZ000000N0000000W AFMC HWY 9 N AND HARPOON D XWA FV00150224000009456111FV64344Z MCGREGOR RANGE ASP FORT BLISS TXHCRL C3C79916 022300RUVKRIS314800N1062500W ANG D DFBLDG 9903 MCGREGOR RAN 204 SFS 1733 PLEASONTON RD XWA FV00150224000009456113EZ15161MF44BOEING AIRCRAFT/MISSST CHARLES MO 69 633018331 022300ZZZZZZZ000000N0000000W AFMC HWY 9 N AND HARPOON D XWA FV00130224000009456111FV64344Z MCGREGOR RANGE ASP FORT BLISS TXHCRL C3C79916 022300RUVKRIS314800N1062500W ANG D DFBLDG 9903 MCGREGOR RAN 204 SFS 1733 PLEASONTON RD XWA FV00130224000009456113EZ15161MF44BOEING AIRCRAFT/MISSST CHARLES MO 69 633018331 022300ZZZZZZZ000000N0000000W AFMC HWY 9 N AND HARPOON D XWA FV00110224000009456111FV64344Z MCGREGOR RANGE ASP FORT BLISS TXHCRL C3C79916 022300RUVKRIS314800N1062500W ANG D DFBLDG 9903 MCGREGOR RAN 204 SFS 1733 PLEASONTON RD XWA FV00110224000009456113EZ15161MF44BOEING AIRCRAFT/MISSST CHARLES MO 69 633018331 022300ZZZZZZZ000000N0000000W AFMC HWY 9 N AND HARPOON D XWA FV00090224000009456111FV64344Z MCGREGOR RANGE ASP FORT BLISS TXHCRL C3C79916 022300RUVKRIS314800N1062500W ANG D DFBLDG 9903 MCGREGOR RAN 204 SFS 1733 PLEASONTON RD XWA FV00090224000009456113EZ15161MF44BOEING AIRCRAFT/MISSST CHARLES MO 69 633018331 022300ZZZZZZZ000000N0000000W AFMC HWY 9 N AND HARPOON D XWA FV00080224000009456111FV64344Z MCGREGOR RANGE ASP FORT BLISS TXHCRL C3C79916 022300RUVKRIS314800N1062500W ANG D DFBLDG 9903 MCGREGOR RAN 204 SFS 1733 PLEASONTON RD XWA FV00080224000009456113EZ15161MF44BOEING AIRCRAFT/MISSST CHARLES MO 69 633018331 022300ZZZZZZZ000000N0000000W AFMC HWY 9 N AND HARPOON D XWA FV00060224000009456111FV64344Z MCGREGOR RANGE ASP FORT BLISS TXHCRL C3C79916 022300RUVKRIS314800N1062500W ANG D DFBLDG 9903 MCGREGOR RAN 204 SFS 1733 PLEASONTON RD XWA FV00060224000009456113EZ15161MF44BOEING AIRCRAFT/MISSST CHARLES MO 69 633018331 022300ZZZZZZZ000000N0000000W AFMC HWY 9 N AND HARPOON D XWA FV00030224000009456111FV64344Z MCGREGOR RANGE ASP FORT BLISS TXHCRL C3C79916 022300RUVKRIS314800N1062500W ANG D DFBLDG 9903 MCGREGOR RAN 204 SFS 1733 PLEASONTON RD XWA FV00030224000009456113EZ15161MF44BOEING AIRCRAFT/MISSST CHARLES MO 69 633018331 022300ZZZZZZZ000000N0000000W AFMC HWY 9 N AND HARPOON D ** From: Ryan Joseph R MSGT 651MUNS/LGWC [mailto:JOSEPH.RYAN @KELLY.AF.MIL] Sent: Friday, January 07, 2000 2:56 PM To: Paskewitz Butch Contr HQ AFMC/DRAW Subject: RE: CAS-B update Butch with all the hardware problems I have experience I haven't followed up on that. I just checked the BIF and is shows " SRAN(S) FV6434 NOT IN DATABASE" We will force a RCON tonight in CAS. My understanding in speaking with CAS FAB, I can't do anything until I see the SRAN in the BIF. I spoke with the agency and asked them (SSgt Cruise) to supply me with the information they need as far as Screen menus etc. Still no word from them. Any help you could provide would be most appreciated. Just FYI we are still waiting on the A/C to get fix (part is B/O). We are running to portable self contained A/C units which barely maintain temperature around 80-82 degrees. Not the best environment for CAS. The sub-floor for our CAS room is destroyed. See photo. I submitted a hazard form on it. C.E. is looking into replacement. Thanks, Joe JOSEPH R. RYAN, MSgt USAF Superintendent, Control/CASB Flight 651 MUNS/LGWC, DSN: 473-4898 COM: 210-671-4898 FAX: 210-671-1518 1447 Service Road, Bldg. 444, Rm. 110 Lackland AFB, (Medina Annex) TX 78236-5719 joseph.ryan@.kelly.af.mil I.Y.A. AMMO Y.A.S. From: Ryan Joseph R MSGT 651MUNS/LGWC [mailto:JOSEPH.RYAN @KELLY.AF.MIL] Sent: Friday, January 07, 2000 12:34 PM To: Butch Paskewitz (E-mail); Cardenas F (E-mail); Carl Woods (E-mail); Glover Brett MSgt 19AF/AETC/LGM (E-mail); Gomez R (E-mail); James Johnson (E-mail) Subject: CAS-B update CAS status is: - Christmas week we lost the ability to backup our database to the 8MM tape deck. We started using the Q-Tape for daily backups. - When we tried to run a monthly to the Q-tape the tape failed to respond. Since then we have tried to do some trouble shooting on the system. - On Wednesday we were unable to go into Firmware mode to run the programs for diagnostic. NOTE: The system runs fine for CAS applications. Tuesday and Wednesday we were unable to make daily backups. Also, we still have no monthly. Thursday evening we were able to make a daily backup on the Q-Tape. We are still unable to get into the diagnostic mode as of today. Lucent Tech. will be coming out next week sometime to check the system board and replace it if they determine that is the problem. - We are working on getting our 8MM tape drive shipped out for repair. System was down on afternoon for Wednesday, Thursday, and the morning of Friday to fixed for diagnostic purposes of the system. I apologize for any inconvenience this has caused. We only bring the system down during duty hours when we are directed by FAB. It is our policy to give you the most processing time possible for your duty hours. JOSEPH R. RYAN, MSgt USAF Superintendent, Control/CASB Flight 651 MUNS/LGWC, DSN: 473-4898 COM: 210-671-4898 FAX: 210-671-1518 1447 Service Road, Bldg. 444, Rm. 110 Lackland AFB, (Medina Annex) TX 78236-5719 joseph.ryan@.kelly.af.mil I.Y.A. AMMO Y.A.S. > From: Swopes Robin Civ HQ AFMC/DRA On Behalf Of AFMC/DRA > Sent: Tuesday, February 01, 2000 1:52 PM > To: Koveleskie Ed W TSgt HQ AFMC/DRAW; Anderson Charles S SSgt HQ > AFMC/DRAW > Subject: FW: [S] COMBAT AMMUNITION SYSTEM (CAS-B) REPLATFORM TRAINING > > > > > ROBIN SWOPES > Program Analyst (HQ AFMC/DRA) > 63963 > > -----Original Message----- > From: Jackson Gail L Civ HQ AFMC/DRP > Sent: Tuesday, February 01, 2000 1:43 PM > To: AFMC/DRA > Subject: FW: [S] COMBAT AMMUNITION SYSTEM (CAS-B) REPLATFORM TRAINING > > > > > ---------- > From: 88 CS/SCMOA BCC1 > Sent: Tuesday, February 01, 2000 10:13 AM > To: AFMC/DR Generic Mailbox > Subject: [S] COMBAT AMMUNITION SYSTEM (CAS-B) REPLATFORM TRAINING > > > RAAUZYUW RHCPGUN5973 0321513-UUCC--RUVAFMC. > ZNR UUUCC > R 312004Z JAN 00 > FM HQ SSG MAXWELL AFB-GUNTER ANNEX AL//ILW// > TO AIG 12859 > AIG 10041 > INFO RCHPGUN/HQ SSG MAXWELL AFB-GUNTER ANNEX AL//ILWE// > BT > ***THIS IS A 2 SECTIONED MSG COLLATED BY MDS*** > UNCLAS > SUBJ: COMBAT AMMUNITION SYSTEM (CAS-B) REPLATFORM TRAINING > > 1. THIS MESSAGE IS DETAILED NOTIFICATION FOR THE CAS-B REPLATFORM > TRAINING TO BE ADMINISTERED AT EACH HOST SITE, IN CONJUNCTION WITH > THE CONVERSION FROM THE AT&T 3B2 TO THE DELL 6300 SERVER. > > 2. THE CAS PMO WILL CONDUCT FAMILIARIZATION TRAINING FOR TWO SITE > ADMINISTRATORS IN CONJUNCTION WITH THE DELIVERY OF THE DELL > HARDWARE/SOFTWARE PLATFORM. > > 3. THE TRAINING WILL ENCOMPASS TWO DAYS IN THE FOLLOWING AREAS: > > A. CONDUCT HARDWARE OVERVIEW- FOR EXAMPLE, THE NEW SYSTEM UTILIZES > PAGE 02 RHCPGUN5973 UNCLAS > 4MM TAPE AND CD- ROM AS THE PRIMARY MEDIAN FOR SOFTWARE DISTRIBUTION > AND BACK-UP PROCEDURES. > > B. SCO-UNIX OPERATING SYSTEM-HIGHLIGHT CHANGES FROM AT&T V.5 TO > UNIXWARE 7.0 OPERATING SYSTEM. > > C. TITANIUM MDBS- CLARIFY NEW TERMINOLOGY AND PERFORM AN OVERVIEW ON > AVAILABLE UTILITIES. > > D. PERFORM POWER-UP AND POWER-DOWN PROCEDURES. > > E. RUN BEGINNING-OF-DAY/END-OF-DAY (BOD/EOD) PROCESSES > > F. DEMONSTRATE THE SYSTEM ADMINISTRATOR CAPABILITY TO MARK INTERNAL > REPORT PAGES BY SYSTEM DESIGNATOR TO REFLECT THE PROPER SECURITY > MARKING. > > 4. THE CAS PMO WILL DEPLOY SIX IMPLEMENTATION TEAMS TO VARIOUS > GEOGRAPHICAL LOCATIONS, TO TRANSITION HOST CAS-B SITES. WE WILL > PERFORM QT & E II AT EGLIN AFB FL FROM 09 JUN 00 THROUGH 20 JUL 00. > PAGE 03 RHCPGUN5973 UNCLAS > THE FOLLOWING SCHEDULE REFLECTS TENTATIVE DATES, AND LOCATIONS. > > CAS IMPLEMENTATION SCHEDULE > > IMPLEMENTATION TEAM 1/ILWE 04-SEP-00 17-NOV-00 > > > HURLBURT 04-SEP-00 08-SEP-00 > > TYNDALL 11-SEP-00 15-SEP-00 > > MOODY 25-SEP-00 29-SEP-00 > > SHAW 02-OCT-00 06-OCT-00 > > POPE 09-OCT-00 13-OCT-00 > > SEYMOUR JOHNSON 23-OCT-00 27-OCT-00 > > LANGLEY 30-OCT-00 03-NOV-00 > PAGE 04 RHCPGUN5973 UNCLAS > > BURLINGTON 13-NOV-00 17-NOV-00 > > > IMPLEMENTATION TEAM 2/ILWE 04-SEP-00 27-OCT-00 > > > MINOT 04-SEP-00 08-SEP-00 > > ELLSWORTH 11-SEP-00 15-SEP-00 > > FE WARREN 25-SEP-00 29-SEP-00 > > MCCONNELL 02-OCT-00 06-OCT-00 > > WHITEMAN 16-OCT-00 20-OCT-00 > > BARKSDALE 23-OCT-00 27-OCT-00 > > > PAGE 05 RHCPGUN5973 UNCLAS > IMPLEMENTATION TEAM 3/ILWE 04-SEP-00 10-NOV-00 > > > SHEPPARD 04-SEP-00 08-SEP-00 > > LACKLAND 11-SEP-00 15-SEP-00 > > DYESS 25-SEP-00 29-SEP-00 > > CANNON 02-OCT-00 06-OCT-00 > > HOLLOMAN 16-OCT-00 20-OCT-00 > > DAVIS MONTHAN 30-OCT-00 03-NOV-00 > > LUKE 06-NOV-00 10-NOV-00 > > > IMPLEMENTATION TEAM 4/ILWE 04-SEP-00 03-NOV-00 > > PAGE 06 RHCPGUN5973 UNCLAS > > MCCHORD 04-SEP-00 08-SEP-00 > > FAIRCHILD 11-SEP-00 15-SEP-00 > > MT HOME 25-SEP-00 29-SEP-00 > > HILL 02-OCT-00 06-OCT-00 > > BEALE 09-OCT-00 13-OCT-00 > > NELLIS 23-OCT-00 27-OCT-00 > > EDWARDS 30-OCT-00 03-NOV-00 > > > IMPLEMENTATION TEAM 5/ILWO 11-SEP-00 07-NOV-00 > > > FAIRFORD 11-SEP-00 19-SEP-00 > > LAKENHEATH 20-SEP-00 28-SEP-00 > > RAMSTEIN 29-SEP-00 09-OCT-00 > > SPANGDAHLEM 10-OCT-00 18-OCT-00 > > AVIANO 19-OCT-00 27-OCT-00 > > CAMP DARBY 30-OCT-00 07-NOV-00 > > > IMPLEMENTATION TEAM 6/ILWE 04-SEP-00 17-NOV-00 > PAGE 02 RHCPGUN5974 UNCLAS > > > EIELSON 04-SEP-00 12-SEP-00 > > ELMENDORF 13-SEP-00 21-SEP-00 > > ANDERSEN 02-OCT-00 10-OCT-00 > > KADENA 11-OCT-00 19-OCT-00 > > MISAWA 20-OCT-00 30-OCT-00 > > OSAN 31-OCT-00 08-NOV-00 > > KUNSAN 09-NOV-00 17-NOV-00 > > > 5. THIS SCHEDULE IS SUBJECT TO REVISION AND MODIFICATIONS AS NEEDED > DUE TO UNFORSEEN PROBLEMS WITH HARDWARE, SOFTWARE, PERSONNEL, OR > OTHER SITUATIONS BEYOND THE CAS PMO CONTROL. IF YOUR UNIT CAN'T > PAGE 03 RHCPGUN5974 UNCLAS > SUPPORT THE PROJECTED SCHEDULE, PLEASE CONTACT CAS POC TSGT MIKE > GRAYSON OR SSGT CARL ARROWOOD DSN 596-1925 OR 596-5105 FOR > RESCHEDULING. E-MAIL COMMENTS TO MICHAEL.GRAYSON@GUNTER.AF.MIL OR > WILLIAM.ARROWOOD@GUNTER.AF.MIL. RESCHEDULE REQUESTS MUST BE > COORDINATED WITH FLIGHT CHIEFS AND MAJCOM(S). > > 6. ILW POC FOR THIS MSG IS TSGT MICHAEL GRAYSON, DSN 596-1925. > > > > > > > BT > #5973 > NNNN > > Section 1: PSN > Section 2: PSN > > Received: from kellyavgate.kelly.af.mil ([137.242.35.197]) by fsmbpb03.KELLY.AF.MIL with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.10) id 1H8N5Y2B; Tue, 29 Feb 2000 13:52:06 -0600 Received: from 209.58.86.21 by KELLYAVGATE.KELLY.AF.MIL (InterScan E-Mail VirusWall NT); Tue, 29 Feb 2000 13:58:09 -0600 (Central Standard Time) Received: from 1in2pumper1 (unknown [172.16.3.250]) by 1pn2smtp1.flonetwork.com (Postfix) with SMTP id 649047F3B for ; Tue, 29 Feb 2000 14:53:07 -0500 (EST) Message-Id: " Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit From: CNET News.com Dispatch To: joseph.ryan@KELLY.AF.MIL Subject: Riding the wireless wave/You've got access/Building on Java Date: Tue, 29 Feb 2000 14:53:07 -0500 (EST) I gather this means each base is responsible for paying for the encryption equipment? Please let me know so I can pass this requirement on to the AFMC bases. To AFMC Bases, Please pass on to whoever needs to work this at your base. E-mail below identifies who to contact for ordering KG-84s to support the CAS-B replatform initiative. It's important that everybody understands that the new CAS-B system will be system high secret. This means that each terminal connecting to the CAS-B server through unsecured lines will require encryption equipment (KG-84, STU-III, 1910 Data STU, etc). Attached is the tentative implementation schedule. Butch Paskewitz > -----Original Message----- > From: Robin.Johnson@Gunter.AF.mil [mailto:Robin.Johnson@Gunter.AF.mil] > > Sent: Friday, February 18, 2000 8:46 AM > To: brett.glover@RANDOLPH.AF.MIL; mark.jankowski@peterson.af.mil; > ed.koveleskie@wpafb.af.mil; richard.mcdonald@hurlburt.af.mil; > bud.rabuano@AFRC.AF.MIL > Cc: Gregory.Wilson@Gunter.AF.mil > Subject: FW: KG-84A for CASB PROGRAM > > > Gents, just a heads up in case you need KGs for the replatform project. > Remember, the system is classified system high secret - meaning all > terminals require crypto. Thanks, Robin > > -----Original Message----- > > From: Casanova Albert GS-11 ESC/DIWP > [SMTP:albert.casanova@KELLY.AF.MIL] > > > Sent: Tuesday, February 15, 2000 13:05 > > To: Ford Jeffery A Maj HQ SSG/ILW; robin.johnson@Gunter.AF.mil; > > Seminario Fernando A MSgt ACC/XOMW; mike.hershey@ramstein.af.mil; Wilson > > Gregory L MSgt HQ SSG/ILWR; kevin.nero@ginter.af.mil; Trescott Robert > TSgt > > PACAF/LGWL > > Cc: Kirk Rodney GS-12 ESC/DIWP; Kocurek Francis GS-11 ESC/DIWP > > Subject: KG-84A for CASB PROGRAM > > > > Our office is ready to support your KG-84A requirements for the > CASB > > Program. You may submit requisitions to the Supporting Supply Activity > for > > your location at anytime. > > > > If you have any questions or require additional information please > > contact Albert Casanova at DSN 969-2018 or Gene Kocurek at DSN 969-2751. > > > > Thank You, > > > > Albert Casanova > > Equipment Specialist > > ESC/DIWP > > albert.casanova@kelly.af.mil > > > > > > From: Schone Donald P Civ ACC/XOMW [mailto:donald.schone@langley.af.mil] Sent: Tuesday, February 29, 2000 12:36 PM To: Paskewitz Butch Contr HQ AFMC/DRRW Cc: Kiefer, Robert Civ Subject: RE: CAS-B update Butch We do not have FV6434 loaded in our BIF, please check to see if you have it since each command has their own tables. If CAS-A sent it out they should have sent the update to all MAJCOM's not just FV0022. If you don't show it please ask CAS-A to resend to everyone. If you do have it please check to see if Medina (San Antonio FV2053) has the update, they were down (no line connection) and I just passed a lot of DDN to them yesterday the 28th. If they do not have it than you need to go into "PUSHDATA" on your cas-c menu and push the bif update to them, call if you need some help. Have a nice day. Don -----Original Message----- From: Paskewitz Butch Contr HQ AFMC/DRRW [mailto:Butch.Paskewitz@wpafb.af.mil] Sent: Tuesday, February 29, 2000 6:49 AM To: Don Schone (E-mail) Cc: Ryan Joseph R MSGT 651MUNS/LGWC (E-mail); Dan Roberts (E-mail); Charles Anderson; Ed Koveleskie; Gary Knighton; Marvin Paskewitz Subject: FW: CAS-B update Don, Can you or Bob make sure this transaction was run. We are trying to get FV6434 BIF info loaded in the Medina CAS-B so they can load them as a satellite. Also, can you provide Medina with any other info or help they may need to get the SRAN rehosted. MSgt Joe Ryan is the Medina POC, DSN 473-4898. Thanks! Butch -----Original Message----- From: Hutchison Troy TSgt OO-ALC/WMCC [mailto:Troy.Hutchison@HILL.af.mil] Sent: Tuesday, February 29, 2000 8:48 AM To: 'Paskewitz Butch Contr HQ AFMC/DRRW' Subject: RE: CAS-B update Butch The XWA BIF Change transaction was in our outgiong DDN on the 24th. Here is a copy of the transaction. Check with Bob Kifer 574-4013 to see if he had any errors in processing it on the 25th. Hutch -----Original Message----- From: Paskewitz Butch Contr HQ AFMC/DRRW [mailto:Butch.Paskewitz@wpafb.af.mil] Sent: Monday, February 28, 2000 3:05 PM To: 'Troy Hutchison (E-mail)' Cc: Paskewitz Butch Contr HQ AFMC/DRRW Subject: FW: CAS-B update Importance: High Troy, I do not see SRAN 6434 in my CAS-C and Medina still does not see it. What's up? Did you send it to AFMC or ANG? Butch -----Original Message----- From: Ryan Joseph R MSGT 651MUNS/LGWC [mailto:JOSEPH.RYAN @KELLY.AF.MIL] Sent: Tuesday, February 01, 2000 11:07 AM To: Paskewitz Butch Contr HQ AFMC/DRAW Subject: RE: CAS-B update Butch, As of this email the SRAN is not loaded. I don't believe there is anything I can do till the BIF reflects the SRAN. Joe JOSEPH R. RYAN, MSgt USAF Superintendent, Control/CASB Flight 651 MUNS/LGWC, DSN: 473-4898 COM: 210-671-4898 FAX: 210-671-1518 1447 Service Road, Bldg. 444, Rm. 110 Lackland AFB, (Medina Annex) TX 78236-5719 joseph.ryan@.kelly.af.mil I.Y.A. AMMO Y.A.S. -----Original Message----- From: Paskewitz Butch Contr HQ AFMC/DRAW [mailto:Butch.Paskewitz@wpafb.af.mil] Sent: Monday, January 31, 2000 11:07 AM To: 'Ryan Joseph R MSGT 651MUNS/LGWC' Cc: Dan Roberts (E-mail); Charles Anderson; Ed Koveleskie; Gary Knighton; Marvin Paskewitz Subject: RE: CAS-B update Ryan, Has SRAN 6434 shown up in your BIF yet? CAS-A told me they pushed it. They also said I would have to push it down to you, but it hasn't shown up in my BIF. I believe the ANG will have to push it to you. Let me know what the status is. Thanks! Butch -----Original Message----- From: Ryan Joseph R MSGT 651MUNS/LGWC [mailto:JOSEPH.RYAN @KELLY.AF.MIL] Sent: Friday, January 07, 2000 2:56 PM To: Paskewitz Butch Contr HQ AFMC/DRAW Subject: RE: CAS-B update Butch with all the hardware problems I have experience I haven't followed up on that. I just checked the BIF and is shows " SRAN(S) FV6434 NOT IN DATABASE" We will force a RCON tonight in CAS. My understanding in speaking with CAS FAB, I can't do anything until I see the SRAN in the BIF. I spoke with the agency and asked them (SSgt Cruise) to supply me with the information they need as far as Screen menus etc. Still no word from them. Any help you could provide would be most appreciated. Just FYI we are still waiting on the A/C to get fix (part is B/O). We are running to portable self contained A/C units which barely maintain temperature around 80-82 degrees. Not the best environment for CAS. The sub-floor for our CAS room is destroyed. See photo. I submitted a hazard form on it. C.E. is looking into replacement. Thanks, Joe JOSEPH R. RYAN, MSgt USAF Superintendent, Control/CASB Flight 651 MUNS/LGWC, DSN: 473-4898 COM: 210-671-4898 FAX: 210-671-1518 1447 Service Road, Bldg. 444, Rm. 110 Lackland AFB, (Medina Annex) TX 78236-5719 joseph.ryan@.kelly.af.mil I.Y.A. AMMO Y.A.S. -----Original Message----- From: Paskewitz Butch Contr HQ AFMC/DRAW [mailto:Butch.Paskewitz@wpafb.af.mil] Sent: Friday, January 07, 2000 1:01 PM To: 'Ryan Joseph R MSGT 651MUNS/LGWC' Subject: RE: CAS-B update Ryan, Did you pick up the support for FV6434? I have not heard the status on this. Appreciate an update and let me know if you needs us to do anything for you. Thanks! Butch -----Original Message----- From: Ryan Joseph R MSGT 651MUNS/LGWC [mailto:JOSEPH.RYAN @KELLY.AF.MIL] Sent: Friday, January 07, 2000 12:34 PM To: Butch Paskewitz (E-mail); Cardenas F (E-mail); Carl Woods (E-mail); Glover Brett MSgt 19AF/AETC/LGM (E-mail); Gomez R (E-mail); James Johnson (E-mail) Subject: CAS-B update CAS status is: - Christmas week we lost the ability to backup our database to the 8MM tape deck. We started using the Q-Tape for daily backups. - When we tried to run a monthly to the Q-tape the tape failed to respond. Since then we have tried to do some trouble shooting on the system. - On Wednesday we were unable to go into Firmware mode to run the programs for diagnostic. NOTE: The system runs fine for CAS applications. Tuesday and Wednesday we were unable to make daily backups. Also, we still have no monthly. Thursday evening we were able to make a daily backup on the Q-Tape. We are still unable to get into the diagnostic mode as of today. Lucent Tech. will be coming out next week sometime to check the system board and replace it if they determine that is the problem. - We are working on getting our 8MM tape drive shipped out for repair. System was down on afternoon for Wednesday, Thursday, and the morning of Friday to fixed for diagnostic purposes of the system. I apologize for any inconvenience this has caused. We only bring the system down during duty hours when we are directed by FAB. It is our policy to give you the most processing time possible for your duty hours. JOSEPH R. RYAN, MSgt USAF Superintendent, Control/CASB Flight 651 MUNS/LGWC, DSN: 473-4898 COM: 210-671-4898 FAX: 210-671-1518 1447 Service Road, Bldg. 444, Rm. 110 Lackland AFB, (Medina Annex) TX 78236-5719 joseph.ryan@.kelly.af.mil I.Y.A. AMMO Y.A.S. CzReceived: from kellyavgate.kelly.af.mil ([137.242.35.197]) by fsmbpb03.KELLY.AF.MIL with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.10) id 1H8N6DJP; Wed, 1 Mar 2000 07:25:05 -0600 Received: from 129.61.146.22 by KELLYAVGATE.KELLY.AF.MIL (InterScan E-Mail VirusWall NT); Wed, 01 Mar 2000 07:31:09 -0600 (Central Standard Time) Received: from sw2.eglin.af.mil (root@localhost) by sw2.eglin.af.mil with ESMTP id HAA18230; Wed, 1 Mar 2000 07:26:53 -0600 (CST) Received: from postman.eglin.af.mil (postman.eglin.af.mil [129.61.132.2]) by sw2.eglin.af.mil with ESMTP id HAA18215; Wed, 1 Mar 2000 07:26:52 -0600 (CST) Received: from mailhub1.eglin.af.mil (mailhub1.eglin.af.mil [129.61.201.9]) by postman.eglin.af.mil (8.9.3/8.9.3) with ESMTP id HAA28301; Wed, 1 Mar 2000 07:26:51 -0600 (CST) Received: by mailhub1.eglin.af.mil with Internet Mail Service (5.5.2448.0) id ; Wed, 1 Mar 2000 07:26:50 -0600 Message-ID: From: Shields Jack A SMSgt 46 MXS/LGMW To: Paskewitz Butch Contr HQ AFMC/DRRW , "Robin Johnson (E-mail)" Cc: Shields Jack A SMSgt 46 MXS/LGMW , "'651MUNS' (E-mail)" <651muns@KELLY.AF.MIL>, Burris Rodney A MSgt 88 OSS/OSM , "'MSgt Eastling' (E-mail)" , "'SSgt Wheeler' (E-mail)" , "CMSgt Brown (E-mail)" , "'MSgt Segelken' (E-mail)" , "'MSgt Shiraki' (E-mail)" , "Perry. Mitchell (E-mail)" , "'Byrne Shawn P SMSgt 649MUNS/LGAD' (E-mail)" , "412 EMS/LGMSM' (E-mail)" , "AMARC/LGLP (E-mail)" , Mandel Bonnie B Civ 46 MXS/LGMW , "'Bortfeld Donald J SSgt 898 MUNS/LGWMO' (E-mail)" , Bryant Jeffrey D TSgt 33 MXS/LGMWHA , "Cathy. Sanders (E-mail)" , "Jackie Rowe (E-mail)" , "Ryan Joseph R MSGT 651MUNS/LGWC (E-mail)" , "Thomas Gonsor (E-mail)" , "'Mr Brady' (E-mail)" , Charles Anderson , Ed Koveleskie , Gary Knighton Subject: RE: KG-84A for CASB PROGRAM Date: Wed, 1 Mar 2000 07:22:20 -0600 X-MS-TNEF-Correlator: X-Mailer: Internet Mail Service (5.5.2448.0) KG-84's are depot funded. Additionally, at last check, there was an abundance of the A-models available. As far as connection requirements go, only non-direct- connect terminals require encryption. Those connected directly to the server/ mainframe within the computer facility are okay without KGs. Jack (C)MSgt JACK A. SHIELDS 46th AMMO -----Original Message----- From: Paskewitz Butch Contr HQ AFMC/DRRW [SMTP:Butch.Paskewitz @wpafb.af.mil] Sent: Tuesday, February 29, 2000 10:21 AM To: Robin Johnson (E-mail) Cc: Jack Shields (E-mail); '651MUNS' (E-mail); Burris Rodney A MSgt 88 OSS/OSM; 'MSgt Eastling' (E-mail); 'SSgt Wheeler' (E-mail); CMSgt Brown (E-mail); 'MSgt Segelken' (E-mail); 'MSgt Shiraki' (E-mail); Perry. Mitchell (E-mail); 'Byrne Shawn P SMSgt 649MUNS/LGAD' (E-mail); 412 EMS/LGMSM' (E-mail); AMARC/ LGLP (E-mail); Bonnie B. Mandel (E-mail); 'Bortfeld Donald J SSgt 898 MUNS/ LGWMO' (E-mail); Bryantjd (E-mail); Cathy. Sanders (E-mail); Jackie Rowe (E-mail); Ryan Joseph R MSGT 651MUNS/LGWC (E-mail); Thomas Gonsor (E-mail); 'Mr Brady' (E-mail); Charles Anderson; Ed Koveleskie; Gary Knighton; Marvin Paskewitz Subject: FW: KG-84A for CASB PROGRAM Robin, I gather this means each base is responsible for paying for the encryption equipment? Please let me know so I can pass this requirement on to the AFMC bases. To AFMC Bases, Please pass on to whoever needs to work this at your base. E-mail below identifies who to contact for ordering KG-84s to support the CAS-B replatform initiative. It's important that everybody understands that the new CAS-B system will be system high secret. This means that each terminal connecting to the CAS-B server through unsecured lines will require encryption equipment (KG-84, STU-III, 1910 Data STU, etc). Attached is the tentative implementation schedule. << Message: FW: [S] COMBAT AMMUNITION SYSTEM (CAS-B) REPLATFORM TRAINING >> Butch Paskewitz -----Original Message----- From: Robin.Johnson@Gunter.AF.mil [mailto:Robin.Johnson@Gunter.AF.mil] Sent: Friday, February 18, 2000 8:46 AM To: brett.glover@RANDOLPH.AF.MIL; mark.jankowski@peterson.af.mil; ed.koveleskie@wpafb.af.mil; richard.mcdonald@hurlburt.af.mil; bud.rabuano @AFRC.AF.MIL Cc: Gregory.Wilson@Gunter.AF.mil Subject: FW: KG-84A for CASB PROGRAM Gents, just a heads up in case you need KGs for the replatform project. Remember, the system is classified system high secret - meaning all terminals require crypto. Thanks, Robin > -----Original Message----- > From: Casanova Albert GS-11 ESC/DIWP [SMTP:albert.casanova@KELLY.AF.MIL] > Sent: Tuesday, February 15, 2000 13:05 > To: Ford Jeffery A Maj HQ SSG/ILW; robin.johnson@Gunter.AF.mil; > Seminario Fernando A MSgt ACC/XOMW; mike.hershey@ramstein.af.mil; Wilson > Gregory L MSgt HQ SSG/ILWR; kevin.nero@ginter.af.mil; Trescott Robert TSgt > PACAF/LGWL > Cc: Kirk Rodney GS-12 ESC/DIWP; Kocurek Francis GS-11 ESC/DIWP > Subject: KG-84A for CASB PROGRAM > > Our office is ready to support your KG-84A requirements for the CASB > Program. You may submit requisitions to the Supporting Supply Activity for > your location at anytime. > > If you have any questions or require additional information please > contact Albert Casanova at DSN 969-2018 or Gene Kocurek at DSN 969-2751. > > Thank You, > > Albert Casanova > Equipment Specialist > ESC/DIWP > albert.casanova@kelly.af.mil > > > From: Ballard Michael L GS-12 37TRW/SEG Sent: Monday, February 28, 2000 4:36 PM To: 2AF/SE; Allen, William; Bailey, Brent; BASKIN, RICHARD; BERGES, WILLIE; Branchfield, Bob; Brown, Richard; CUSANEK, DEAN; Davis, Don; DOUGLAS, JAMES; Dovale, Jacqueline; Dunkley, Margaret; ELLIOTT, JACK; FOX, DEAN; Frontaura, Rafael; GOERING, DIANA; GOODRICH, GREG; Green, Gordon; Hicks, Jewell; Huggins, Susan; Irwin, Michael; James, Byron; JAMES, RICK; JETT, HERMAN; Johnston, Doug; Jones, Gary; Kilpatrick, Maurice; KING, ROBERT; LEWIS, AL; LOEWER, DAVID; MAPP, RUFUS; MCDONALD, RICHARD; Moshier, Lisa; NICHOLS, MIKE; Noegel, Garry; Pohland, Eric; Pyles, Walter; Ramirez, JoeMartin; RAY, STEVENSON; REAVIS JAMES C MAJ 651MUNS/CC; Sandidge, Glen; Sansone, Lawrence; CHARLES, DEBRA; Etrheim, David; GUTIERREZ, EFRAIN; HORSTMAN, MICHAEL; LEWIS, KENT; MAYO, JULLIETTE; MEZA, EDDIE; SMITH, CHRISTOPHER; TAYLOR, CLARA; SEWELL, WILLIAM; Shepherd, Rodney TSgt 425ABS/SE; Skopal, Lisa; SPEAKMON, CATHERINE; Stock, Janet; STUCHBERY, GENA; VALDEZ, HENRY; Walker, Timothy; WEISS, CHARLES; Wheeler, Sandra; YOUNKE, STEVEN Subject: ORM Quiz Importance: Low Here is a short ORM quiz to pass throughout your work area or perhaps to use during your next supervisory meeting to check the ORM knowledge of your folks. MICHAEL L. BALLARD Acting Chief of Safety DSN 473-3969 Comm (210) 671-3969 FAX 3878 **Circle the letter of the correct answer. 1. What does ORM stand for? Occupational Risk Management Operational Risk Management Occupational Risk Mishaps Operational Risk Mission 2. What is the Air Force Instruction governing ORM? AFI 91-213 AFI 32-2001 AFI 11-215 AFI 91-204 3. A1C Smith is at home preparing to work on a light fixture in the ceiling, while working from a metal ladder. Has A1C Smith used proper ORM? Yes No 4. What is the first step in ORM? Make a risk decision Assess the hazard Implement controls Identify the hazard 5. Who has the responsibility to effectively manage risks? Workers Supervisors Commanders Safety 6. ORM provides common since solutions to hazards before they cause a mishap or mission failure and is proactive way to find and resolve hazards rather than reacting to something which goes wrong. True False 7. What answer is an "individual" responsibility in ORM? Identify hazards/risks to supervisors Balance what is wanted versus what is needed Integrates risk controls into plans and orders Develop a total commitment to mission accomplishment 8. The risk assessment step in the process uses which three variables to decide if a hazard will result in a mishap? Who identify the hazard, location, and time. The exposure, possibility, and abatement cost. The probability, severity, and exposure possibility. The location, time, and probability. 9. Maj Tom is going flying in his private plane. He has performed a pre-flight check of the aircraft and submitted a proposed fight plan for the day. A friend shows up before he takes off to go with him, they decide to fly to a new location for lunch without submitting a new flight plan. Has proper ORM been used? Yes No 10. Prior to implementing a control measure that is beyond your scope of authority, you need to get approval from the appropriate level. True False 1 = b 2 = a 3 = b 4 = d 5 = c 6 = a 7 = a 8 = d 9 = a 10 = a Read the following statement and go to this web site for the patches http://intranet.lackland.af.mil/Virus_Info.html Last week, Symantec discovered an incompatibility between older definition sets and NAV NT's Auto-Protect. In some cases, the virus definitions were not completely updating until the computer was rebooted. This problem most often affected users who were updating from definitions dated before January 15, 2000. The symptoms included Windows NT blue screens and false reports on two viruses (Bloodhound.Unknown and Blankey.STCN). The Symantec AntiVirus Research Center (SARC) has released a patch for NAV NT to resolve this problem. Platinum Support urges you to apply this patch to your Windows NT systems. The patch is available for both the Intel and the DEC Alpha platforms, and it does not require a system reboot. To use this updater: * Copy both NAVPATCH.EXE and NAVAPSVC.EXE to the same folder on your hard drive. * Execute NAVPATCH.EXE. The Updater will check to be sure NAV 5.0x is installed on the system, and find the installation directory. It then stops the Auto-Protect service, copies the new NAVAPSVC.EXE file in place, and restarts Auto-Protect. * After running the Updater, please remember to update your virus definitions as usual. NOTE: There are two versions of the patch - one for Intel and one for Alpha. The Alpha files are NAVPATCH_A.EXE and NAVAPSVC_A.EXE. IMPORTANT: The files should be renamed NAVPATCH.EXE and NAVAPSVC.EXE before the end user attempts to execute them. Anyone using NAV32UP to distribute the defs from a login script will have to run the patch program FIRST, then run NAV32. We apologize for the inconvenience this has caused. Patch for NAV 5.0x Blue Screens Navapsvc.exe for Intel Navpatch_a.exe for Alpha Navapsvc_a.exe for Alpha _/_/ _/_/_/_/ _/_/_/ _/_/_/_/ _/_/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/ _/ _/_/_/ _/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/ _/_/_/_/ _/ _/ _/ AIR FORCE COMPUTER EMERGENCY RESPONSE TEAM IP BULLETIN 00-0099 01 Mar 00 - 1400Z DO NOT REDISTRIBUTE OUTSIDE OF DOD CHANNELS WITHOUT EXPRESS PERMISSION FROM THE AFCERT Subject: AFCERT IP Bulletin for 29 Feb - 1 Mar 2000 EXECUTIVE SUMMARY: This message contains new and updated AFCERT initiated IP blocks. Each of the following actions was taken due to AFCERT probing thresholds being met and appropriate blocking actions being initiated. A probe should be considered a precursor to further activity. Information has been passed to appropriate intellegince organizations to determine if heightened awareness in the I&W system is warranted. 1. Each blocking action contains: Source IP and resolution, Blocked IP/Domain, Source Registration, Type of Probe, associated AFCERT Suspicious Event Report (SER), Start Date of the Probe, and a recommended blocking action removal date. A. SOURCE IP: 210.178.212.1 (unknown.host.domain) BLOCKED IP/DOMAIN: 210.178.212.1 SOURCE REGISTRATION: Korean Network Information Center South Korea TYPE OF PROBE: imap SER: 2000-1004 START DATE: 29 Feb 00 BLOCK REMOVAL: 30 Mar 00 B. SOURCE IP: 137.150.188.13 (ulsrv3.cnrs.humboldt.edu) BLOCKED IP/DOMAIN: 137.150.188.13 SOURCE REGISTRATION: Humboldt State University Arcata, California TYPE OF PROBE: SUNRPC SER: 2000-1021 START DATE: 29 Feb 00 BLOCK REMOVAL: 30 Mar 00 C. SOURCE IP: 213.188.8.45 (albatross.fast.no) BLOCKED IP/DOMAIN: 213.188.8.45 SOURCE REGISTRATION: Fast Search & Transfere ASA Norway TYPE OF PROBE: FTP SER: 2000-1024 START DATE: 29 Feb 00 BLOCK REMOVAL: 30 Mar 00 D. SOURCE IP: 211.50.49.251 (unknown.host.domain) BLOCKED IP/DOMAIN: 211.50.49.0 SOURCE REGISTRATION: Korea Network Information Center South Korea TYPE OF PROBE: DNS SER: 2000-1025 START DATE: 29 Feb 00 BLOCK REMOVAL: 30 Mar 00 E. SOURCE IP: 208.15.85.5 (unknown.host.domain) BLOCKED IP/DOMAIN: 208.15.85.5 SOURCE REGISTRATION: Connectivity Service Wichita, Kansas TYPE OF PROBE: DNS SER: 2000-1027 START DATE 29 Feb 00 BLOCK REMOVAL: 30 Mar 00 F. SOURCE IP: 207.36.176.240 (tsmia5-367.gate.net) BLOCKED IP/DOMAIN: 207.36.176.0 SOURCE REGISTRATION: CyberGate, Inc. Deerfield Beach, Florida TYPE OF PROBE: DNS SER: 2000-1028 START DATE: 29 Feb 00 BLOCK REMOVAL: 30 Mar 00 G. SOURCE IP: 203.228.63.140 (unknown.host.domain) BLOCKED IP/DOMAIN: 203.228.63.0 SOURCE REGISTRATION: Korea Telecom South Korea TYPE OF PROBE: SUNRPC SER: 2000-1033 START DATE: 29 Feb 00 BLOCK REMOVAL: 30 Mar 00 H. SOURCE IP: 129.100.232.191 (h232-191.reznet.uwo.ca) BLOCKED IP/DOMAIN: 129.100.232.191 SOURCE REGISTRATION: University of Western Ontario Ontario, Canada TYPE OF PROBE: FTP SER: AFCERT Incident 00-10 START DATE: 01 Mar 00 BLOCK REMOVAL: 31 Mar 00 I. SOURCE IP: 4.33.51.226 (lsanca1-ar2-051-226.biz.dsl.gtei.net) BLOCKED IP/DOMAIN: 4.33.51.226 SOURCE REGISTRATION: BBN Planet Cambridge, Massachusetts TYPE OF PROBE: SUNRPC SER: 2000-1039 START DATE: 01 Mar 00 BLOCK REMOVAL: 31 Mar 00 J. SOURCE IP: 204.210.42.248 (dt0a5nf8.san.rr.com) BLOCKED IP/DOMAIN: 204.210.42.248 SOURCE REGISTRATION: SouthwesternCableTV-TimeWarnerCable RoadRunner-ClairemontS San Diego, California TYPE OF PROBE: Linux-Conf SER: 2000-1043 START DATE: 01 Mar 00 BLOCK REMOVAL: 31 Mar 00 K. SOURCE IP: 210.179.78.100 (unknown.host.domain) BLOCKED IP/DOMAIN: 210.179.78.100 SOURCE REGISTRATION: Korea Network Information Center South Korea TYPE OF PROBE: IMAP SER: 2000-1023 START DATE: 29 Feb 00 BLOCK REMOVAL: 30 Mar 00 L. SOURCE IP: 195.241.228.0 (unknown.host.domain) BLOCKED IP/DOMAIN: 195.241.228.0 SOURCE REGISTRATION: World Online BV Vianen, Netherlands TYPE OF PROBE: Frontpage Exploit SER: AFCERT Incident 00-9 START DATE: 29 Feb 00 BLOCK REMOVAL: 30 Mar 00 The AFCERT contacted the Air Force Internet Control Center (AFINCC) and had the source IPs or domains blocked at AFINCC controlled routers. If your location has other access routes to the Internet, request you initiate similary blocking actions at the local level. AFCERT will coordinate with the AFINCC to discontinue blocking actions on AFIN controlled routers. Local blocking actions may be removed in accordance with the dates listed above. 2. Blocking action change and updates: A. Report Number: AFCERT IP Bulletin 00-0089 B. Paragraph: 1H C. New Block: 212.184.153.0 D. Block Removal: 30 Mar 00 A. Report Number: AFCERT IP Bulletin 00-0095 B. Paragraph: 1D C. New Block: 24.112.88.0 D. Block Removal: 30 Mar 00 3. AFCERT action should not be construed as evidence of a belief that any particular person or entity associated with the IP is a witting participant in the intrusion activity. If you are not part of the Air Force community, please contact your agency's response team to report incidents. Other teams include DISA-ASSIST team, Army's ACERT, Navy's NAVCIRT, DARPA's CERT/CC, DOE's CIAC, and NASA's NASIRC. Your agency's team will coordinate with the AFCERT. 4. AFCERT Advisories, Bulletins, and Virus Notifications, ASSIST Bulletins, The DoD Anti-Viral product and other security tools are available on our anonymous ftp server. ********************************************************************* * DO NOT REDISTRIBUTE BEYOND THE DOD AND DOD CONTRACTUAL * * SUPPORT COMMUNITIES OR EDIT THIS DOCUMENT IN ANY WAY * * UNLESS AFCERT GRANTS EXPRESS PERMISSION TO DO SO. * * DISSEMINATE AND MAINTAIN ONLY ON DOD CONTROLLED COMPUTER * * NETWORKS. * * * * THE DOD AND DOD CONTRACTUAL SUPPORT COMMUNITIES INCLUDE * * INDIVIDUALS WITHIN THE DOD COMMUNITY OR OPERATING IN SUPPORT * * OF A DOD CONTRACT, GRANT, OR INTER-AGENCY AGREEMENT. * * * * QUESTIONS REGARDING THIS DOCUMENT OR REQUESTS FOR PERMISSION * * TO EDIT OR REDISTRIBUTE SHOULD BE DIRECTED TO AFCERT USING * * ONE OF THE METHODS LISTED BELOW: * * * * AFIWC/EAA DSN: 969-3157 * * 102 HALL BLVD STE 215 COML: (210)977-3157 * * SAN ANTONIO TX 78243-7013 HOTLINE: 1(800)854-0187 * * * * E-MAIL: AFCERT@AFCERT.KELLY.AF.MIL UNCLAS FAX: DSN 969-3632 * * FTP - FTP://AFCERT.KELLY.AF.MIL SECURE FAX: DSN 969-3633 * * WEB - HTTP://AFCERT.KELLY.AF.MIL IP ADDRESS: 137.242.142.199 * ********************************************************************* From: Parks Stephen SSGT 76ABW/HC Sent: Tuesday, February 29, 2000 4:19 PM To: SA-ALC/EMDD SECRETARIES; 76 ABW - WING SECS; Stadelmaier Robert K Jr TSgt HQ AIA/HC; Rodrigues.Eric@aia.af.mil Cc: Lizana Mark G SSGT 76ABW/HC; Hochreiter Robert S Lt Col 76 ABW/HC Subject: Lenten Schedule Everyone, I have attached the Lenten Schedule. In the schedule you will see all the services and events being held between 8 Mar 00 and 23 Apr 00. Please contact your Kelly Base Chapel at 5-7874 if you have any questions regarding this schedule. Thank you Stephen R. Parks, SSgt, USAF NCOIC, Chapel Division O UU O 012230Z MAR 00 FM AFIWC KELLY AFB TX//CC// TO AIG SEVEN ONE ZERO INFO HQ USAF WASHINGTON DC//SC/XOIW// HQ AFCIC WASHINGTON DC//SY// DISA WASHINGTON DC//D3/GOSC// UNCLAS QQQQ SUBJECT: IMMEDIATE AFCERT ADVISORY COMPLIANCE MESSAGE 00-004, "NETWORK DEVICE DEFAULT CONFIGURATION SETTINGS" 1. REFERENCE: USAF/SC MESSAGE, SUBJECT: "AFCERT COMPUTER NETWORK VULNERABILITY ADVISORY AND DISA INFORMATION ASSURANCE VULNERABILITY ALERT COMPLIANCE" (U) DTG: 271600Z MAY 98 2. DISTRIBUTION STATEMENT: BASE COMMUNICATIONS SQUADRON COMMANDERS MUST DISSEMINATE THIS AFCERT ADVISORY (FOUND ALTERNATIVELY AT FTP://AFCERT.KELLY.AF.MIL/PUB/AFCERT_COMPLIANCE_MESSAGE/ACM00/ACM00- 04.TXT - ALL LOWER CASE) TO ALL BASE UNITS OPERATING OR ADMINISTERING NETWORKS. ALL BASE COMM UNITS MUST ACKNOWLEDGE RECEIPT AND REPORT IMPLEMENTATION OF THIS ADVISORY TO THEIR MAJCOMS. (SEE PARA 4 BELOW) 3. APPLICATION: THE AFCERT HAS OPENED 11 INCIDENTS OVER THE LAST 12 MONTHS THAT INVOLVES OFFICE PRINTERS AND NETWORKING DEVICES THAT WERE INADVERTENTLY LEFT CONFIGURED WITH THEIR DEFAULT SETTINGS AS SHIPPED FROM THE VENDOR. MORE SPECIFICALLY, THESE INCIDENTS INVOLVED ACCESS TO TELNET, FTP, HTTP AND OTHER SERVICES THAT WERE ORIGINALLY ENABLED FOR THE PURPOSES OF REMOTE MANAGEMENT. UNFORTUNATELY, THESE SERVICES (WHEN CONFIGURED "AS IS" FROM THE FACTORY) ARE CONFIGURED WITH LITTLE OR NO SECURITY. FOR EXAMPLE, ALL SERVICES (TELNET, FTP, AND HTTP) ARE ENABLED ON A NETWORK PRINTER WITH NO PASSWORDS ENABLED. WHILE THIS SEEMS TRIVIAL AT FIRST, AN INTRUDER CAN LOG ON TO THE DEVICE, MODIFY ITS CONFIGURATION, AND EVEN THEORETICALLY REDIRECT PRINTER OUTPUT (WITH SOME MODELS OF NETWORK PRINTERS). FOR NETWORKING DEVICES (ROUTERS, SWITCHES, ETC), THE POSSIBLE HARM IS OBVIOUSLY MUCH MORE SERIOUS. BY LOGGING ON TO A SWITCH OR ROUTER, AN INTRUDER CAN RE-CONFIGURE THE DEVICE OR DISABLE IT, POTENTIALLY CAUSING A SERIOUS DENIAL OF SERVICE IF THE DEVICE IS LOCATED IN A CRITICAL AREA IN THE BASE'S INFRASTRUCTURE. DUE TO THE RECENT NUMBER OF PREVENTABLE INCIDENTS, NETWORK AND SYSTEM ADMINISTRATORS MUST ENSURE THAT ALL NETWORK PRINTERS AND OTHER INFRASTRUCTURE DEVICES (HUBS, ROUTERS, SWITCHES, ETC) HAVE ACCESS CONTROLS ENABLED (I.E. PASSWORDS), UNNECESSARY SERVICES DISABLED (E.G. FTP ON A HP LASERJET), AND ACCESS TO THOSE SERVICES BLOCKED AT THE BASE'S PERIMETER. IN CASES WHERE SERVICES ON A DEVICE CANNOT BE DISABLED DUE TO THE MANUFACTURER'S DESIGN, BLOCKING EXTERNAL ACCESS TO THOSE SERVICES AT THE BASE PERIMETER WILL BE SUFFICIENT. DEVICES OWNED AND OPERATED BY FUNCTIONAL COMMUNITIES AND TENANT ORGANIZATIONS, MUST COMPLY WITH THIS AFCERT ADVISORY. LOCAL POCS FOR REMOTELY CONTROLLED SYSTEMS SHOULD CONTACT THE REMOTE ADMINISTRATORS OF THESE SYSTEMS TO OBTAIN COMPLIANCE STATUS. BASE COMM SQUADRON COMMANDERS WILL INCLUDE THIS STATUS WITH CONSOLIDATED BASE REPORTS TO MAJCOM/SC'S. 4. WHEN TO BE ACCOMPLISHED: AF BASES HAVE 20 CALENDAR DAYS FROM DTG OF THIS MESSAGE TO IMPLEMENT CORRECTIVE ACTIONS AND REPORT BACK TO MAJCOM/SC'S. SPECIAL INSTRUCTIONS: AS PER ABOVE REFERENCE, BASES HAVE 72 HOURS FROM THE DTG OF THIS MESSAGE TO ACKNOWLEDGE RECEIPT TO MAJCOM, AND MAJCOM HAS FIVE (5) DAYS FROM THE DTG OF THIS MESSAGE TO CONSOLIDATE CONFIRMED RECEIPTS AND ACKNOWLEDGE RECEIPT TO THE AFCERT. ADDITIONALLY, MAJCOMS HAVE 25 DAYS FROM THE DTG OF THIS MESSAGE TO CONSOLIDATE PATCH STATUS, AND REPORT MAJCOM STATUS TO THE AFCERT. 5. BY WHOM TO BE ACCOMPLISHED: BASE COMM SQUADRON COMMANDERS WILL ENSURE SYSTEM/NETWORK ADMINISTRATORS OF ALL BASE AND TENANT NETWORKS COMPLY WITH THIS ADVISORY. 6. WHERE TO OBTAIN THE RECOMMENDED CORRECTIVE ACTIONS: CORRECTIVE ACTIONS ARE AVAILABLE AS DESCRIBED IN PARA 3. 7. MAJCOM REPORTING TO THE AFCERT MUST BE ACCOMPLISHED VIA AUTODIN MESSAGE TRAFFIC TO: AFIWC KELLY AFB TX//EAAO// AS PRESCRIBED IN ABOVE REFERENCE, WITH THE SUBJECT LINE OF "RESPONSE TO IMMEDIATE AFCERT ADVISORY COMPLIANCE MESSAGE 00-004". 8. POINT OF CONTACT FOR THIS MESSAGE IS AFCERT 24-HR HOTLINE, DSN 969-3157, EMAIL ADDRESS: AFCERT@AFCERT.KELLY.AF.MIL, UNCLAS FAX: DSN 969-3632, SECURE FAX: DSN 969-3633. _/_/ _/_/_/_/ _/_/_/ _/_/_/_/ _/_/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/ _/ _/_/_/ _/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/ _/_/_/_/ _/ _/ _/ AIR FORCE COMPUTER EMERGENCY RESPONSE TEAM IP BULLETIN 00-0100 02 Mar 00 - 1400Z DO NOT REDISTRIBUTE OUTSIDE OF DOD CHANNELS WITHOUT EXPRESS PERMISSION FROM THE AFCERT Subject: AFCERT IP Bulletin for 01 - 02 Mar 2000 EXECUTIVE SUMMARY: This message contains new and updated AFCERT initiated IP blocks. Each of the following actions was taken due to AFCERT probing thresholds being met and appropriate blocking actions being initiated. A probe should be considered a precursor to further activity. Information has been passed to appropriate intellegince organizations to determine if heightened awareness in the I&W system is warranted. 1. Each blocking action contains: Source IP and resolution, Blocked IP/Domain, Source Registration, Type of Probe, associated AFCERT Suspicious Event Report (SER), Start Date of the Probe, and a recommended blocking action removal date. A. SOURCE IP: 4.3.44.152 (lsajca1-ar3-044-152.dsl.gtei.net) BLOCKED IP/DOMAIN: 4.3.44.152 SOURCE REGISTRATION: BBN Planet Cambridge, Massachusetts TYPE OF PROBE: Multi-service SER: 2000-1045 START DATE: 01 Mar 00 BLOCK REMOVAL: 31 Mar 00 B. SOURCE IP: 129.3.26.191 (met-52.oswego.edu) BLOCKED IP/DOMAIN: 129.3.26.191 SOURCE REGISTRATION: State University of New York - Oswego Oswego, New York TYPE OF PROBE: Sunrpc SER: 2000-1046 START DATE: 01 Mar 00 BLOCK REMOVAL: 31 Mar 00 C. SOURCE IP: 200.20.234.42 (fin-rio42.finep.gov.br) BLOCKED IP/DOMAIN: 200.20.234.42 SOURCE REGISTRATION: Brazilian Research Network (RNP) Sao Paulo, Brazil TYPE OF PROBE: DNS SER: 2000-1075 START DATE: 02 Mar 00 BLOCK REMOVAL: 01 Apr 00 D. SOURCE IP: 209.223.154.250 (unknown.host.domain) BLOCKED IP/DOMAIN: 209.223.154.250 SOURCE REGISTRATION: Web Digital Corp. Venice, California TYPE OF PROBE: DNS SER: 2000-1083 START DATE: 02 Mar 00 BLOCK REMOVAL: 01 Apr 00 E. SOURCE IP: 210.113.67.3 (unknown.host.domain) BLOCKED IP/DOMAIN: 210.113.67.3 SOURCE REGISTRATION: Korea Telecom South Korea TYPE OF PROBE: Sunrpc SER: 2000-1082 START DATE: 02 Mar 00 BLOCK REMOVAL: 01 Apr 00 F. SOURCE IP: 216.3.249.66 (unknown.host.domain) BLOCKED IP/DOMAIN: 216.3.249.66 SOURCE REGISTRATION: DIGEX Inc. Beltsville, Maryland TYPE OF PROBE: DNS SER: 2000-1074 START DATE: 01 Mar 00 BLOCK REMOVAL: 31 Mar 00 G. SOURCE IP: 212.25.85.106 (speed-net-1106.isdn.net.il) BLOCKED IP/DOMAIN: 212.25.85.0 SOURCE REGISTRATION: Speed Net Israel TYPE OF PROBE: Netbus2 SER: 2000-946 START DATE: 01 Mar 00 BLOCK REMOVAL: 31 Mar 00 H. SOURCE IP: 216.217.36.69 (ATHM-216-217-xxx-69.home.net) BLOCKED IP/DOMAIN: 216.217.36.69 SOURCE REGISTRATION: Net Advantage Corp. Mountain View, California TYPE OF PROBE: Port 109 (POP-2) SER: 2000-1085 START DATE: 02 Mar 00 BLOCK REMOVAL: 01 Apr 00 The AFCERT contacted the Air Force Internet Control Center (AFINCC) and had the source IPs or domains blocked at AFINCC controlled routers. If your location has other access routes to the Internet, request you initiate similary blocking actions at the local level. AFCERT will coordinate with the AFINCC to discontinue blocking actions on AFIN controlled routers. Local blocking actions may be removed in accordance with the dates listed above. 2. Blocking action change and updates: A. Report Number: AFCERT IP Bulletin 00-0095 B. Paragraph: 1D C. New Block: 24.112.88.0 D. Block Removal: 30 Mar 00 A. Report Number: AFCERT IP Bulletin 00-0096 B. Paragraph: 1A C. New Block: 204.137.128.0 D. Block Removal: 01 Apr 00 A. Report Number: AFCERT IP Bulletin 00-0089 B. Paragraph: 1H C. New Block: 212.184.153.0 D. Block Removal: 30 Mar 00 3. AFCERT action should not be construed as evidence of a belief that any particular person or entity associated with the IP is a witting participant in the intrusion activity. If you are not part of the Air Force community, please contact your agency's response team to report incidents. Other teams include DISA-ASSIST team, Army's ACERT, Navy's NAVCIRT, DARPA's CERT/CC, DOE's CIAC, and NASA's NASIRC. Your agency's team will coordinate with the AFCERT. 4. AFCERT Advisories, Bulletins, and Virus Notifications, ASSIST Bulletins, The DoD Anti-Viral product and other security tools are available on our anonymous ftp server. ********************************************************************* * DO NOT REDISTRIBUTE BEYOND THE DOD AND DOD CONTRACTUAL * * SUPPORT COMMUNITIES OR EDIT THIS DOCUMENT IN ANY WAY * * UNLESS AFCERT GRANTS EXPRESS PERMISSION TO DO SO. * * DISSEMINATE AND MAINTAIN ONLY ON DOD CONTROLLED COMPUTER * * NETWORKS. * * * * THE DOD AND DOD CONTRACTUAL SUPPORT COMMUNITIES INCLUDE * * INDIVIDUALS WITHIN THE DOD COMMUNITY OR OPERATING IN SUPPORT * * OF A DOD CONTRACT, GRANT, OR INTER-AGENCY AGREEMENT. * * * * QUESTIONS REGARDING THIS DOCUMENT OR REQUESTS FOR PERMISSION * * TO EDIT OR REDISTRIBUTE SHOULD BE DIRECTED TO AFCERT USING * * ONE OF THE METHODS LISTED BELOW: * * * * AFIWC/EAA DSN: 969-3157 * * 102 HALL BLVD STE 215 COML: (210)977-3157 * * SAN ANTONIO TX 78243-7013 HOTLINE: 1(800)854-0187 * * * * E-MAIL: AFCERT@AFCERT.KELLY.AF.MIL UNCLAS FAX: DSN 969-3632 * * FTP - FTP://AFCERT.KELLY.AF.MIL SECURE FAX: DSN 969-3633 * * WEB - HTTP://AFCERT.KELLY.AF.MIL IP ADDRESS: 137.242.142.199 * ********************************************************************* -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv CHAPLAIN STAFF CHAPLAIN SUPPORT STAFF Chaplain Bob Hochreiter Wing Chaplain SSgt Steve Parks NCOIC, Chaplain Division Chaplain Dave Wilshek Senior Protestant Chaplain SSgt Mark Lizana NCOIC, Plans, Programs, & Support Chaplain Brad Agee Chaplain SrA Eric Bailey Logistical & Resouce Support Chaplain Mike Goecker Chaplain TSgt Susan Wood, USAFR NCOIC, Admin Support Chaplain Bill Grace Industrial Chaplain COUNSELING SERVICES Please call us at 925-7874 if you wish to discuss spiritual or personal concerns confidentially with any of your Chaplains. OFFICE INFORMATION LOCATION PHONE Building 1669 COMM = 925-7874 DSN = 945-7874 MAILING ADDRESS 76 ABW/HC 102 Gilmore Drive Kelly AFB, TX 78241-5813 FAX COMM = 925-9986 DSN = 945-9986 EMAIL stephen.parks@kelly.af.mil Your Lenten and Easter Season Schedule 8 March - 23 April 2000 Base Chapel Kelly AFB, Texas Your Lenten Season Schedule Kelly AFB, Texas 8 March - 23 April 2000 Ash Wednesday 8 Mar 00 1130 *Catholic Mass/Blessing & Distribution of Ashes 1200 *Catholic Mass (AIA)/Blessing & Distribution of Ashes *This day is a Catholic day of Fast and Abstinence ie., no meat may be eaten; 2 small meals and 1 full meal allowed Wednesdays During Lent 15 Mar - 12 Apr 00 1800 Catholic Stations of The Cross and Benediction 1830 Catholic "Poor Man's Dinner" - Potluck Thursdays During Lent 9 Mar - 13 Apr 00 1130 Catholic Mass 1130 Protestant Devotional 1200 Ecumenical Luncheon Passion (Palm Sunday) 16 Apr 00 0930 *Catholic Mass Reading of the Passion; Blessing and Distribution of Palms *Vigil Mass on Saturday, 15 Apr, at 1700 1100 Protestant Worship Service Distribution of Palms Holy Week 17 - 23 Apr 00 13 Apr, 1800 Catholic Penance Service 19 Apr, 1800 Parish Seder Meal - reservation only 20 Apr, 1800 *Catholic Mass of the Lord's Supper Washing of the Feet; Procession of the Blessed Sacrament; Adoration and Family Visit of the Blessed Sacrament until midnight. *Fresh flowers are requested 21 Apr, 1200 Protestant Tenebrae Service A Good Friday Service 1500 *Catholic Celebration of the Lord's Passion Reading of the Passion; General Intercessions; Veneration of the Cross; Holy Communion *Day of fast and abstinence 22 Apr, 2000 *Catholic Celebration of the Easter Vigil Liturgy of The Light; Easter Proclamation; Liturgy of The Word; Renewal of Baptismal Vows; Liturgy of The Eucharist *Easter Lilies & fresh white flowers requested Easter Sunday 23 Apr 99 0930 Catholic Mass Renewal of Baptismal Vows 1100 Protestant Communion Worship Service _/_/ _/_/_/_/ _/_/_/ _/_/_/_/ _/_/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/ _/ _/_/_/ _/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/ _/_/_/_/ _/ _/ _/ AIR FORCE COMPUTER EMERGENCY RESPONSE TEAM IP BULLETIN 00-0101 03 Mar 00 - 1400Z DO NOT REDISTRIBUTE OUTSIDE OF DOD CHANNELS WITHOUT EXPRESS PERMISSION FROM THE AFCERT Subject: AFCERT IP Bulletin for 02 - 03 Mar 2000 EXECUTIVE SUMMARY: This message contains new and updated AFCERT initiated IP blocks. Each of the following actions was taken due to AFCERT probing thresholds being met and appropriate blocking actions being initiated. A probe should be considered a precursor to further activity. Information has been passed to appropriate intellegince organizations to determine if heightened awareness in the I&W system is warranted. 1. Each blocking action contains: Source IP and resolution, Blocked IP/Domain, Source Registration, Type of Probe, associated AFCERT Suspicious Event Report (SER), Start Date of the Probe, and a recommended blocking action removal date. A. SOURCE IP: 209.71.98.211 (unknown.host.domain) BLOCKED IP/DOMAIN: 209.71.98.211 SOURCE REGISTRATION: Middletown Township Media, Pennsylvania TYPE OF PROBE: Netbios SER: 2000-1020 START DATE: 01 Mar 00 BLOCK REMOVAL: 02 Apr 00 B. SOURCE IP: 210.99.103.2 (unknown.host.domain) BLOCKED IP/DOMAIN: 210.99.103.2 SOURCE REGISTRATION: Korea Network Information Center South Korea TYPE OF PROBE: DNS SER: 2000-1035 START DATE: 01 Mar 00 BLOCK REMOVAL: 02 Apr 00 C. SOURCE IP: 209.81.16.2 (gateway.resonate.com) BLOCKED IP/DOMAIN: 209.81.16.0 SOURCE REGISTRATION: ViaNet Communications Mountain View, California TYPE OF PROBE: DNS SER: 2000-1091 START DATE: 02 Mar 00 BLOCK REMOVAL: 01 Apr 00 D. SOURCE IP: 63.209.190.21 (dialup-63.209.190.21.Philadelphia1.Level3.net) BLOCKED IP/DOMAIN: 63.209.190.0 SOURCE REGISTRATION: Level 3 Communications, LLC Philadelphia, Pennsylvania TYPE OF PROBE: Imap SER: 2000-1084 START DATE: 02 Mar 00 BLOCK REMOVAL: 01 Apr 00 E. SOURCE IP: 208.166.216.126 (catalog.bigtop.org) BLOCKED IP/DOMAIN: 208.166.216.126 SOURCE REGISTRATION: Todd Reynolds Ashland, Wisconsin TYPE OF PROBE: Pop-2 SER: 2000-1115 START DATE: 03 Mar 00 BLOCK REMOVAL: 02 Apr 00 F. SOURCE IP: 212.184.153.125 (unknown.host.domain) BLOCKED IP/DOMAIN: 212.184.153.0 SOURCE REGISTRATION: Deutsche Telekom AG, Online Services Germany TYPE OF PROBE: Multi-service SER: 2000-730 2000-1007 START DATE: 29 Feb 00 BLOCK REMOVAL: 30 Mar 00 G. SOURCE IP: 212.25.85.106 (speed-net-1106.isdn.net.il) BLOCKED IP/DOMAIN: 212.25.85.0 SOURCE REGISTRATION: Speed Net Israel TYPE OF PROBE: Netbus2 SER: 2000-946 START DATE: 01 Mar 00 BLOCK REMOVAL: 31 Mar 00 The AFCERT contacted the Air Force Internet Control Center (AFINCC) and had the source IPs or domains blocked at AFINCC controlled routers. If your location has other access routes to the Internet, request you initiate similary blocking actions at the local level. AFCERT will coordinate with the AFINCC to discontinue blocking actions on AFIN controlled routers. Local blocking actions may be removed in accordance with the dates listed above. 2. Blocking action change and updates: A. Report Number: AFCERT IP Bulletin 00-0082 B. Paragraph: 1B C. New Block: 195.241.0.0 D. Block Removal: 01 Apr 00 A. Report Number: AFCERT IP Bulletin 00-0096 B. Paragraph: 1A C. New Block: 204.137.128.0 D. Block Removal: 01 Apr 00 3. AFCERT action should not be construed as evidence of a belief that any particular person or entity associated with the IP is a witting participant in the intrusion activity. If you are not part of the Air Force community, please contact your agency's response team to report incidents. Other teams include DISA-ASSIST team, Army's ACERT, Navy's NAVCIRT, DARPA's CERT/CC, DOE's CIAC, and NASA's NASIRC. Your agency's team will coordinate with the AFCERT. 4. AFCERT Advisories, Bulletins, and Virus Notifications, ASSIST Bulletins, The DoD Anti-Viral product and other security tools are available on our anonymous ftp server. ********************************************************************* * DO NOT REDISTRIBUTE BEYOND THE DOD AND DOD CONTRACTUAL * * SUPPORT COMMUNITIES OR EDIT THIS DOCUMENT IN ANY WAY * * UNLESS AFCERT GRANTS EXPRESS PERMISSION TO DO SO. * * DISSEMINATE AND MAINTAIN ONLY ON DOD CONTROLLED COMPUTER * * NETWORKS. * * * * THE DOD AND DOD CONTRACTUAL SUPPORT COMMUNITIES INCLUDE * * INDIVIDUALS WITHIN THE DOD COMMUNITY OR OPERATING IN SUPPORT * * OF A DOD CONTRACT, GRANT, OR INTER-AGENCY AGREEMENT. * * * * QUESTIONS REGARDING THIS DOCUMENT OR REQUESTS FOR PERMISSION * * TO EDIT OR REDISTRIBUTE SHOULD BE DIRECTED TO AFCERT USING * * ONE OF THE METHODS LISTED BELOW: * * * * AFIWC/EAA DSN: 969-3157 * * 102 HALL BLVD STE 215 COML: (210)977-3157 * * SAN ANTONIO TX 78243-7013 HOTLINE: 1(800)854-0187 * * * * E-MAIL: AFCERT@AFCERT.KELLY.AF.MIL UNCLAS FAX: DSN 969-3632 * * FTP - FTP://AFCERT.KELLY.AF.MIL SECURE FAX: DSN 969-3633 * * WEB - HTTP://AFCERT.KELLY.AF.MIL IP ADDRESS: 137.242.142.199 * ********************************************************************* -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv From: Press Service [mailto:afisnews_sender@DTIC.MIL] Sent: Friday, March 03, 2000 14:30 To: DEFENSE-PRESS-SERVICE-L@DTIC.MIL Subject: Mandatory Travel Card Date Extended to May 1 By Jim Garamone American Forces Press Service WASHINGTON, March 3, 2000 -- Service members and DoD civilians now have until May 1 before use of the government travel credit card is mandatory, DoD officials said today. DoD is one of a number of agencies given two extra months to implement the program, said Nelson Toye, DoD's deputy chief financial officer. William J. Lynn, undersecretary of defense (comptroller), signed the memorandum announcing the extension March 1. "Within DoD the primary reason for the delay is that we were so late receiving the guidance," Toye said. "Our components came back to us and asked for an extension. When we applied to the General Services Administration they were willing to grant us the extension." Toye said that GSA officials made it clear there "would be no more extensions." Toye's guidance in the meantime to DoD finance officials is to implement the travel card program to the extent possible. He said the extension does not mean Congress is rethinking the policy. It has just taken longer than expected for government agencies to work out the details. DoD issued new policies in mid-February to implement travel card requirements in an amendment to the Federal Travel Regulation published by the GSA in the Jan. 19 Federal Register. The amendment implements requirements in the Travel and Transportation Reform Act of 1998. The Defense Department began using travel cards in 1983 to pay for lodging, transportation, rental cars and other allowable expenses. The current contractor is Bank of America VISA. The new travel card rules will be included in Volume 9, "Travel Policy and Procedures," of the DoD Financial Management Regulation DoD 7000.14-R. For more information on DoD's travel card program, visit the Defense Finance and Accounting Service Web site at www.dfas.mil or the Bank of America site at www.bankofamerica.com/government. ##end## NOTE: This is a plain text version of a web page. If your mail program did not properly format this information, current News Articles are online at http://www.defenselink.mil/news/#News Articles ==================================================== Virtual tour of the Pentagon http://www.defenselink.mil/pubs/pentagon/ ==================================================== Unsubscribe from or Subscribe to this mailing list: http://www.defenselink.mil/news/subscribe.html ==================================================== The FREE Weekly Technology Email Newsletter for Federal and Military Managers and Employees Monday, March 6, 2000 Technology is changing faster than ever before, and it's harder and harder for federal and military managers to stay ahead of all the latest changes and trends taking place in the federal government. That's why we launched FEDtechnology.com. Every week, FEDtechnology.com gives you the latest changes, trends and decisions that affect you -- and your career. To start your own subscription to FEDtechnology.com, simply go to our website at http://www.fedtechnology.com. Please help your fellow federal and military managers and employees by passing along, faxing or emailing a copy of FEDtechnology.com to them so they can start their own subscription. ---------------------------------------------------------- ELECTRONIC FORMS GUIDANCE FOR AGENCIES SOON This coming April, the Office of Management and Budget (OMB) will deliver guidance to agencies on putting into practice the Government Paperwork Elimination Act of 1998. Agencies must, according to the law, make available on the internet electronic versions of their agencies forms. In addition, the law calls for agencies to develop a way to file forms electronically. STUDENTS GET UNIFIED WEBSITE FOR TRACKING AID The Office of Student Financial Assistance has just finished testing a new, unified website that will allow students to verify the status of their federal financial aid packages. Prior to this, students had to visit several different sites to track down the information they needed. The new website should be ready for students to use this spring to follow-up on their loans and applications. The new system was designed and completed in three months by Highway 1, a non-profit group backed by IT companies. IBM and Microsoft were some of the companies that were involved in the project. 17,000 NIH EMPLOYEES GET TIME AND ATTENDANCE SYSTEM The National Institutes of Health has just finished work on a new Integrated Time and Attendance System that will permit over 17,000 NIH employees at locations around the country (including telecommuters) to validate their requests for time off and attendance time sheets by computer. This new system, designed by American Management Systems, will be used through NIH's internal intranet and will simplify the time and attendance procedure, while complying with OPM rules and regulations. FDIC AWARDS CREDIT CARD SERVICE CONTRACT The Federal Deposit Insurance Corporation has awarded the National Credit Card Servicing contract to ACS' Government Solutions Group with a three year term and options for two more one-year terms. The contract takes effect at once, and ACS will provide debit-card and credit-card servicing. Fiserv Inc. has been chosen by ACS to be the subcontractor and will assist with credit card processing and software upgrades. PROTOTYPE OPM WORK FORCE PLAN DUE IN 2000 The Office of Personnel Management (OPM) plans to launch, in 2000, a prototype for a new, wide-ranging model for work force planning. To assist in its development and deployment, OPM has awarded a contract to SAS Institute Inc. to design, develop and deliver the new work force planning system and all its associated automated tools. The final, detailed system, with all its bells and whistles, should be ready the following year. 6000 XEROX OFFICE SYSTEMS HEAD FOR HIGH SEAS The Navy has ordered over 6,000 Xerox multifunction (print, copy, fax and scan) digital office devices for use on ships and submarines. The contract, worth $68 million, is for five years. The order will be supplied by Xerox's Public Sector Operations unit and will include worldwide service and support for the devices. GAO BLASTS GSA AND VA ACQUISITION FORCE TRAINING The General Accounting Office (GAO), in a late-February report entitled "GSA and VA Efforts to Improve Training of Their Acquisition Workforces, blasted the General Services Administration (GSA) and the Veterans Affairs Department (VA) for not doing enough in setting up training requirements and also for not supplying the required training for their acquisition work forces. The report does admit, however, that both GSA and VA have accomplished a lot in supplying some sections of their acquisition forces with the required training, but that both agencies must move more aggressively towards providing training for all acquisition employees -- as required. GAO also noted in the report that both agencies failed to maintain complete records. BLM PLANNING TO START OVER WITH IT According to a GAO report, the Interior Department's Bureau of Land Management has decided to start from scratch with its IT planning. Last year, the bureau spent over $400 million on its Automated Land and Mineral Record System (ALMRS) before realizing that it wouldn't come close to fulfilling user demands. BLM cancelled the modernization project and has stopped all IT development and acquisition efforts. It is now in the process of finalizing a bureau-wide IT plan, and will await its Completion before moving forward with new IT developments. Fedtechnology.com Publisher: John D. Whitney Associate Publisher: Thomas F. Youngblood Subscriptions Director: Susan A. Pabst A Publication of MR Group, LLC A Veteran-Owned Small Business Editorial questions: editor@fedtechnology.com Subscriptions questions: subscriptions@fedtechnology.com Website: http://www.fedtechnology.com If you wish to change your email address or cancel your subscription to FEDtechnology.com, simply email us at: subscriptions@fedtechnology.com. Introduction Frequency of Training Within 1 month of assignment - then annually Software Piracy Using unauthorized software SIIA Software & Information Industry Association - Formed in Jan 1999. BSA Business Software Alliance FAST Federation against Software Theft CAAST Canadian Alliance against Software Theft The SIIA receives over 30 tips a day concerning software piracy. EO 13103 (Computer Software Piracy) Executive order 13103 - dated 30 Sept 1998. Pertains to government agencies - Contractors - and other recipients of Federal financing - they're handling of Software. AFCA Air Force Communications Agency - is the Air Force POC Software Licensing Copyright is a form of statutory protection - exclusive rights 19640-1980-Title 17 only exception is the user's right to make a single backup copy for archival purpose Copyright penalties 5 Years jail - and or - $250,000 Copyright law from the moment of its creation automatically protects software. Unauthorized duplication is also a Federal crime if done willfully & for the purpose of commercial advantage or private financial gain. License agreements is a legal agreement in which the software developer executes powers of copyright License agreement is found in the documentation accompanying the disks and/or at the beginning of the software program Freeware Shareware will have the license agreement as part of the program License agreements come in many forms Single user 5. Public domain 9. Academic Edition Multi-user 6. Beta 10. Not for Resale Shareware 7. Trail Software Freeware 8. Original Equipment Manufacturer Software Licensing Sample Test Software developers must register their products with the U.S. Copyright office in order for their software to be protected under the U.S. Code copyright laws. FALSE Copyright laws allows users to make 1 copy of their licensed software for backup purposes, whether the licensing agreements states so or not. TRUE 1-3 All but which of the following have to be approved for use by DAA prior to being installed & used on a A.F. computer X Beta Vision ___ Shareware ___ Freeware ___ Public domain software Which of the following types of software is not copyright protected ___ shareware ___ freeware X Public Domain Software ___ Trail software The criminal penalty for each instance of software copyright infringement is a. fine up to 250,000 b. 5 Years in Jail c. A and B Copyright infringement occurs only when software is copied illegally & sold. FALSE Beta Software is distributed free by the developer so it's not covered by the copyright laws. FALSE When you Purchase an upgrade to software you already own you may move the old version to another computer FALSE _/_/ _/_/_/_/ _/_/_/ _/_/_/_/ _/_/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/ _/ _/_/_/ _/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/ _/_/_/_/ _/ _/ _/ AIR FORCE COMPUTER EMERGENCY RESPONSE TEAM IP BULLETIN 00-0102 06 Mar 00 - 1400Z DO NOT REDISTRIBUTE OUTSIDE OF DOD CHANNELS WITHOUT EXPRESS PERMISSION FROM THE AFCERT Subject: AFCERT IP Bulletin for 03 - 06 Mar 2000 EXECUTIVE SUMMARY: This message contains new and updated AFCERT initiated IP blocks. Each of the following actions was taken due to AFCERT probing thresholds being met and appropriate blocking actions being initiated. A probe should be considered a precursor to further activity. Information has been passed to appropriate intellegince organizations to determine if heightened awareness in the I&W system is warranted. 1. Each blocking action contains: Source IP and resolution, Blocked IP/Domain, Source Registration, Type of Probe, associated AFCERT Suspicious Event Report (SER), Start Date of the Probe, and a recommended blocking action removal date. A. SOURCE IP: 216.25.149.35 (unknown.host.domain) BLOCKED IP/DOMAIN: 216.25.149.0 SOURCE REGISTRATION: Eclipse Internet Access Piscataway, New York TYPE OF PROBE: DNS SER: 2000-1108 START DATE: 02 Mar 00 BLOCK REMOVAL: 01 Apr 00 B. SOURCE IP: 63.83.250.195 (unknown.host.domain) BLOCKED IP/DOMAIN: 63.83.250.0 SOURCE REGISTRATION: UUNET Technologies, Inc. Fairfax, Virginia TYPE OF PROBE: Sunrpc SER: 2000-1116 START DATE: 03 Mar 00 BLOCK REMOVAL: 02 Apr 00 C. SOURCE IP: 128.186.110.128 (lap10.hep.fsu.edu) BLOCKED IP/DOMAIN: 128.186.110.128 SOURCE REGISTRATION: Florida State University Tallahassee, Florida TYPE OF PROBE: DNS SER: 2000-1117 START DATE: 03 Mar 00 BLOCK REMOVAL: 02 Apr 00 D. SOURCE IP: 209.111.73.131 (unknown.host.domain) BLOCKED IP/DOMAIN: 209.111.73.0 SOURCE REGISTRATION: NETCOM On-Line Communications Services, Inc. San Jose, California TYPE OF PROBE: Multi-service SER: 2000-1119 START DATE: 03 Mar 00 BLOCK REMOVAL: 02 Apr 00 E. SOURCE IP: 209.76.108.10 (adsl-209-76-108-104.dsl.snfc21.pacbell.net) BLOCKED IP/DOMAIN: 209.76.108.0 SOURCE REGISTRATION: ADSL Basic-rback1.snfc21 San Francisco, California TYPE OF PROBE: NFS SER: 2000-1120 START DATE: 03 Mar 00 BLOCK REMOVAL: 02 Apr 00 F. SOURCE IP: 62.144.231.193 (unknown.host.domain) BLOCKED IP/DOMAIN: 62.144.231.0 SOURCE REGISTRATION: Microsystems-Net Germany TYPE OF PROBE: Multi-service SER: 2000-1121 START DATE: 03 Mar 00 BLOCK REMOVAL: 02 Apr 00 G. SOURCE IP: 216.94.148.3 (ns2.unipos.com) BLOCKED IP/DOMAIN: 216.94.148.0 SOURCE REGISTRATION: The Croissant Tree Toronto, Canada TYPE OF PROBE: DNS SER: 2000-1126 START DATE: 04 Mar 00 BLOCK REMOVAL: 03 Apr 00 H. SOURCE IP: 144.92.235.99 (shofar.geography.wisc.edu) BLOCKED IP/DOMAIN: 144.92.235.99 SOURCE REGISTRATION: MACC Madison, Wisconsin TYPE OF PROBE: DNS SER: 2000-1130 START DATE: 04 Mar 00 BLOCK REMOVAL: 03 Apr 00 I. SOURCE IP: 205.150.35.180 (shelley.entire.mail.net) BLOCKED IP/DOMAIN: 205.150.35.0 SOURCE REGISTRATION: UUNET Canada Inc. Toronto, Canada TYPE OF PROBE: Multi-service SER: 2000-1139 START DATE: 05 Mar 00 BLOCK REMOVAL: 04 Apr 00 J. SOURCE IP: 198.96.117.142 (komodo.reptiles.org) BLOCKED IP/DOMAIN: 198.96.117.0 SOURCE REGISTRATION: The Toronto Municipal Area Networking COOP Toronto, Canada TYPE OF PROBE: Multi-service SER: 2000-1140 START DATE: 05 Mar 00 BLOCK REMOVAL: 04 Apr 00 K. SOURCE IP: 209.112.4.20 (vnode.vmunix.com) BLOCKED IP/DOMAIN: 209.112.4.0 SOURCE REGISTRATION: Sentex Communications Corp. Toronto, Canada TYPE OF PROBE: Multi-service SER: 2000-1141 START DATE: 05 Mar 00 BLOCK REMOVAL: 04 Apr 00 L. SOURCE IP: 194.87.20.8 (drofa.dialup.ru) BLOCKED IP/DOMAIN: 194.87.20.0 SOURCE REGISTRATION: DEMOS-Dialup-2 Moscow, Russia TYPE OF PROBE: Web Vulnerabilities SER: 2000-1142 START DATE: 05 Mar 00 BLOCK REMOVAL: 04 Apr 00 M. SOURCE IP: 216.26.38.18 (ip216-26-38-18.dsl.du.teleport.com) BLOCKED IP/DOMAIN: 216.26.38.0 SOURCE REGISTRATION: Matt Riordan Portland, Oregon TYPE OF PROBE: DNS SER: 2000-1146 START DATE: 05 Mar 00 BLOCK REMOVAL: 04 Apr 00 N. SOURCE IP: 216.210.30.47 (ppp-5800-01a-3047.mtl.total.net) BLOCKED IP/DOMAIN: 216.210.30.0 SOURCE REGISTRATION: TotalNet Inc. Montreal, Canada TYPE OF PROBE: DNS SER: 2000-1147 START DATE: 05 Mar 00 BLOCK REMOVAL: 04 Apr 00 O. SOURCE IP: 205.150.102.4 (forge.ki.org) BLOCKED IP/DOMAIN: 205.150.102.0 SOURCE REGISTRATION: Knowledge, Information and Communication Inc. Oakville, Canada TYPE OF PROBE: Multi-svc SER: 2000-1148 START DATE: 05 Mar 00 BLOCK REMOVAL: 04 Apr 00 P. SOURCE IP: 142.214.90.45 (o2.humberc.on.ca) BLOCKED IP/DOMAIN: 142.214.90.0 SOURCE REGISTRATION: Humber College Etobicoke, Canada TYPE OF PROBE: Multi-service SER: 2000-1150 START DATE: 05 Mar 00 BLOCK REMOVAL: 04 Apr 00 Q. SOURCE IP: 24.112.74.34 (cr882111-a.wlfdle1.on.wave.home.com) BLOCKED IP/DOMAIN: 24.112.74.0 SOURCE REGISTRATION: Rogers WAVE Toronto, Canada TYPE OF PROBE: Multi-service SER: 2000-1151 START DATE: 05 Mar 00 BLOCK REMOVAL: 04 Apr 00 R. SOURCE IP: 216.94.178.7 (raven.korax.net) BLOCKED IP/DOMAIN: 216.94.178.0 SOURCE REGISTRATION: Korax Online Inc. Toronto, Canada TYPE OF PROBE: Multi-service SER: 2000-1152 START DATE: 05 Mar 00 BLOCK REMOVAL: 04 Apr 00 S. SOURCE IP: 194.58.101.138 (d138.z194-58-101.relcom.ru) BLOCKED IP/DOMAIN: 194.58.101.0 SOURCE REGISTRATION: RELCOM Russia TYPE OF PROBE: Multi-service SER: 2000-1155 START DATE: 05 Mar 00 BLOCK REMOVAL: 04 Apr 00 T. SOURCE IP: 216.22.145.114 (timus.com) BLOCKED IP/DOMAIN: 216.22.145.114 SOURCE REGISTRATION: 9 Net Avenue, Inc. East Rutherford, New Jersey TYPE OF PROBE: DNS SER: 2000-1158 START DATE: 05 Mar 00 BLOCK REMOVAL: 04 Apr 00 U. SOURCE IP: 208.41.219.102 (unknown.host.domain) BLOCKED IP/DOMAIN: 208.41.219.102 SOURCE REGISTRATION: AmericanDSL/Scura Speed & Technology Laguna Hills, California TYPE OF PROBE: Netbios SER: 2000-1165 START DATE: 06 Mar 00 BLOCK REMOVAL: 05 Apr 00 V. SOURCE IP: 216.126.189.51 (21-051.015.popsite.net) BLOCKED IP/DOMAIN: 216.126.189.0 SOURCE REGISTRATION: StarNet Inc. Palatine, Illinois TYPE OF PROBE: FTP SER: 2000-1166 START DATE: 06 Mar 00 BLOCK REMOVAL: 05 Apr 00 W. SOURCE IP: 216.59.35.15 (216-59-35-15.usa.flashcom.net) BLOCKED IP/DOMAIN: 216.59.35.0 SOURCE REGISTRATION: Flashcom, Inc. Huntington Beach, California TYPE OF PROBE: Sunrpc SER: 2000-1136 START DATE: 04 Mar 00 BLOCK REMOVAL: 03 Apr 00 X. SOURCE IP: 151.4.170.2 (unknown.host.domain) BLOCKED IP/DOMAIN: 151.4.170.0 SOURCE REGISTRATION: Ferreri Italy TYPE OF PROBE: Multi-service SER: 2000-1133 START DATE: 04 Mar 00 BLOCK REMOVAL: 03 Apr 00 The AFCERT contacted the Air Force Internet Control Center (AFINCC) and had the source IPs or domains blocked at AFINCC controlled routers. If your location has other access routes to the Internet, request you initiate similary blocking actions at the local level. AFCERT will coordinate with the AFINCC to discontinue blocking actions on AFIN controlled routers. Local blocking actions may be removed in accordance with the dates listed above. 2. Blocking action change and updates: None 3. AFCERT action should not be construed as evidence of a belief that any particular person or entity associated with the IP is a witting participant in the intrusion activity. If you are not part of the Air Force community, please contact your agency's response team to report incidents. Other teams include DISA-ASSIST team, Army's ACERT, Navy's NAVCIRT, DARPA's CERT/CC, DOE's CIAC, and NASA's NASIRC. Your agency's team will coordinate with the AFCERT. 4. AFCERT Advisories, Bulletins, and Virus Notifications, ASSIST Bulletins, The DoD Anti-Viral product and other security tools are available on our anonymous ftp server. ********************************************************************* * DO NOT REDISTRIBUTE BEYOND THE DOD AND DOD CONTRACTUAL * * SUPPORT COMMUNITIES OR EDIT THIS DOCUMENT IN ANY WAY * * UNLESS AFCERT GRANTS EXPRESS PERMISSION TO DO SO. * * DISSEMINATE AND MAINTAIN ONLY ON DOD CONTROLLED COMPUTER * * NETWORKS. * * * * THE DOD AND DOD CONTRACTUAL SUPPORT COMMUNITIES INCLUDE * * INDIVIDUALS WITHIN THE DOD COMMUNITY OR OPERATING IN SUPPORT * * OF A DOD CONTRACT, GRANT, OR INTER-AGENCY AGREEMENT. * * * * QUESTIONS REGARDING THIS DOCUMENT OR REQUESTS FOR PERMISSION * * TO EDIT OR REDISTRIBUTE SHOULD BE DIRECTED TO AFCERT USING * * ONE OF THE METHODS LISTED BELOW: * * * * AFIWC/EAA DSN: 969-3157 * * 102 HALL BLVD STE 215 COML: (210)977-3157 * * SAN ANTONIO TX 78243-7013 HOTLINE: 1(800)854-0187 * * * * E-MAIL: AFCERT@AFCERT.KELLY.AF.MIL UNCLAS FAX: DSN 969-3632 * * FTP - FTP://AFCERT.KELLY.AF.MIL SECURE FAX: DSN 969-3633 * * WEB - HTTP://AFCERT.KELLY.AF.MIL IP ADDRESS: 137.242.142.199 * ********************************************************************* -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv _/_/ _/_/_/_/ _/_/_/ _/_/_/_/ _/_/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/ _/ _/_/_/ _/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/ _/_/_/_/ _/ _/ _/ AIR FORCE COMPUTER EMERGENCY RESPONSE TEAM ADVISORY 00-004 06 Mar 00 - 1753Z DO NOT REDISTRIBUTE OUTSIDE OF DOD CHANNELS WITHOUT EXPRESS PERMISSION FROM THE AFCERT Subject: "Dynamic Web Page Scripting Exploitations" CORRECTED COPY - Para 3, corrected hyperlink. EXECUTIVE SUMMARY: - - - In response to DoD/CERT IAVA 2000-A-0001.0.0 and CERT Advisory CA-2000-02, AFCERT is releasing the followng guidance regarding dynamic web page scripting exploitations. While exploits associated with web-based scripting languages have been available for a long time, DoD/CERT IAVA 2000-A-0001.0.0 and CERT advisory CA-2000-02 highlighted new methods for exploiting these pre-existing vulnerabilities. - - - Unlike traditional vulnerabilities that are associated with a specific operating system or system daemon, the exploits highlighted by DoD/CERT and CERT take advantage (maliciously) of "features" that are inherent in the underlying html specification (more specifically, how web browsers are obligated to interpret them). As such, there is no single patch or fix that can be applied to eliminate the availability of this exploit from Air Force systems. Instead, webmasters must add new code to all dynamic web pages that currently reside on their systems so that both output data (e.g. submitted from forms) or input data (e.g. read from cookies or input into cgi scripts) is validated and any maliciously-embedded scripts are prevented from being sent/received. - - - To assist field units in understanding this complex and hard-to- understand issue, the AFCERT has compiled the following information that should be used in conjunction with DoD/CERT's and CERT's advisories to illustrate the issue. Section 2.A of this AFCERT advisory will be separated into two sections: an overview of the exploitation, and then specific examples that will illustrate the concepts involved and their potential impact. The examples that were selected (chat rooms, and emails with hyperlinks) were chosen because they were the most effective at clearly explaining the vulnerability in the minimum amount of space. By their inclusion here, the AFCERT is not implying that Air Force personnel are visiting chat rooms or following untrusted hyperlinks in email. Repeat - they are only used for illustrative purposes. - - - Section 2.C proposes solutions, however the solution for individual sites will vary. To draw together as much knowledge as possible, the AFCERT is requesting solutions and best practices from personnel experienced in web administration. Please report all recommendations through the MAJCOM NOSCs. The AFCERT will create a code repository on its ftp server that has the best sample code available from software vendors and other security experts. Bases and MAJCOMs are fully encouraged to submit code to the AFCERT for other bases and MAJCOMs to use. Web masters are fully encouraged to cut & paste from the code samples as they tailor the code to meet their site-specific needs. The code repository will be continually updated as new modules are available from vendors or from AF personnel. 1. References: A. DoD/CERT IAVA 2000-A-0001.0.0, Topic: Cross-Site Scripting Vulnerability ftp://www.cert.mil/pub/bulletins/dodcert2000/2000-a-0001.htm B. USAF/SC message, Subject: "AFCERT Computer Network Vulnerability Advisory and DISA Information assurance vulnerability alert compliance," DTG: 271600z May 98 2. Vulnerability Information A. Problem: ======== Overview ======== - - - DISA IAVA 2000-A-0001.0.0 covers new methods for a pre-existing exploitation. The pre-existing vulnerability surrounded web-based scripting languages (e.g. Javascript, vbscript) that are typically used to make the web experience more dynamic and interactive. These scripting languages may also be manipulated to run malicious code. - - - Previously, in order to take advantage of this vulnerability, an attacker had to modify the source code of an html page so that it actually contained malicious script embedded in it. To do this, an attacker would have to set up their own web site that contained web pages with embedded malicious scripts and entice you to open those pages with your web browser. When you downloaded their pages, these scripts would execute and perform any variety of benign or malicious commands. While this was not the only method for getting you to execute their malicious scripts, it was one of the most widely used. - - - The new methods for this exploitation provide the attacker with the ability to execute his/her malicious scripts on your machine by using an innocent (trusted) web server on the internet as a vehicle. This is accomplished by inserting malicious scripts into a dynamically- generated web page. When these dynamically-generated web pages are served to the victim (along with the embedded scripts), the scripts may be executed. - - - Any web user can potentially expose their web browser to these Malicious scripts by: -- Following untrusted links in pages, e-mail messages, or Newsgroup postings -- Using interactive forms on an untrustworthy site -- Viewing dynamically generated pages that contain content posted by anyone other than yourself. - - - Some examples of the types of web forms that are at risk to Exploitation/manipulation are: -- Search engines that return result pages based on user input. -- Login pages that store user accounts in databases, cookies, etc. -- Web forms that process credit card information. - - - Note that the AFCERT does not consider the new methods on the pre- existing web vulnerability a "hack" in the classic sense. The fact is that an attacker cannot target you specifically for this exploit. Instead, the attacker must send out their exploit as an e-mail or post it on a chat room, and then wait for you to unknowingly execute it. The results may be significant enough to declare an official AFCERT incident, but this exploit is not targeted in nature. ================ Exploit examples ================ Example #1 - chat room / discussion forum - - ----------------------------------------- - - - With chat rooms or discussion forums, anonymous internet users are allowed to read discussion threads on various topics as well as post new messages for others to see. After posting a new message, the web server dynamically rebuilds a new page that includes the latest message posts. To use scripting languages as an exploit in this environment, an attacker could post a message to a chat room or discussion forum as follows: My name is Joe and I'm looking for information on Windows NT. Can anyone help me? - - - All of the above text would be accepted by the web server and available for viewing by anyone. When a victim subsequently logs onto the chat room or discussion forum, sees this message, and then opens it, all the victim would see on their screen is: My name is Joe and I'm looking for information on Windows NT. Can anyone help me? - - - The victim's browser would hide the script from view and execute it (as it does with all scripts). In this case, the script pops up a simple message box informing the victim that they just ran some untrusted code without their permission. Much more malicious code can obviously be inserted as follows: -- The code could overwrite a "cookie" on the victim's machine that is used when they access another site (e.g. Site A). When accessing that ... ... the web page with a personalized greeting at the top (e.g. "Welcome back, Joe"). The attacker can overwrite the cookie on the users hard drive so that the user name in the cookie (i.e. Joe) is now a script that redirects the user to another web site (e.g. Site B). Now, whenever the victim tries to navigate to that web site, the cookie will be read, and the script will be inserted into site A's web page as it is dynamically served to the user. Rather than display the script, the victim's web browser will execute it and redirect them away from the intended web site. The victim will not be capable of visiting site A (similar to a miniature denial of service) until the cookie is found on the local machine and deleted. - - - The reason the exploit is possible in this environment is because the chat room / discussion forum did not inspect the message that the attacker posted to see if it contained malicious content. It assumed that the posted text was a "passive" message, stored it, and then served it to other internet users upon request. Instead, the attacker posted an "active" script along with their "passive" message. Example #2 - email message with a hyperlink - - ------------------------------------------- - - - New e-mail clients have the capability of reading e-mail formatted in HTML. As such, HTML-formatted emails can include images as well as hyperlinks. An attacker can use exploit scripting languages on your system by embedding malicious scripts in a hyperlink that will execute when the victim visits the page. Consider the following e-mail: If you want more information on our products, search for us on search engine's web site - - - In this example, all the user sees is the message to search for that vendor's products at "search engine's web site." The hyperlink to that site is included in the e-mail, but the script is hidden from view. - - - When the victim clicks on the hyperlink, the following occurs: -- The attacker's malicious script is retrieved from http://www.attacker.com/script.js -- This malicious script is passed to searchengine.com's search engine just like a normal text string. -- Since that text string doesn't exist in searchengine.com's database, searchengine.com will return a web page to the victim that says something similar to "there were no matches for (string goes here). Please refine your search." But in this case, the string that was searched for was a script. When the victim's browser sees the script coming back from searchengine.com (embedded in the error message), it will execute it. - - - Via the above example, an attacker can use a search engine as a vehicle for getting your web browser to run their malicious scripts. it is made possible because the search engine didn't check the input string before using it in a search. When it didn't find the occurrence of the string anywhere on its web site, it dutifully returned it back to the customer where it was subsequently executed. B. Platform: All operating systems that can run web servers or web browsers. Please note that this is a vulnerability associated with HTML and scripting languages. As such, it is not associated with a specific operating system. All operating systems are equally vulnerable. C. Solution: - - - In order to reduce the possibility that your web site can be used as a vehicle for "serving" malicious scripts to innocent users, webmasters must accomplish the following: -- Examine all web pages on their site and ensure that pages which submit data via forms as well as pages that accept input dynamically have subroutines that ensure that scripts are not allowed in their output or input, respectively. -- Explicitly set the character set encoding for each page generated by a web server so that scripts can't be hidden by using non-standard character sets. -- Examine cookies that are read by pages to ensure that scripts are not hidden in them. - - - Since every web page is unique, a "one-size-fits-all" patch cannot be generated to eliminate the vulnerability at all AF bases. Each web administrator must manually code the "sanity checks" listed above into all of their web pages that send/receive data in any form. - - - To facilitate these fix actions and assist web administrators, the AFCERT will create a code repository on its ftp server that has the best sample code available from software vendors and other security experts. Bases and MAJCOMs are fully encouraged to submit code to the AFCERT for other bases and MAJCOMs to use. Web masters are fully encouraged to cut & paste from the code samples as they tailor the code to meet their site-specific needs. The code repository will be continually updated as new modules are available from vendors or from AF personnel. For more information referring to this problem, please reference the following resources: - DoD/CERT IAVA 2000-A-0001.0.0, Topic: Cross-Site Scripting Vulnerability ftp://www.cert.mil/pub/bulletins/dodcert2000/2000-a-0001.htm - Microsoft TechNet article, Topic: Information on Cross-Site Scripting Security Vulnerability http://www.microsoft.com/technet/security/crssite.asp Note: line breaks have been added to URLs to enhance readability 3. Where To Obtain The Recommended Corrective Actions: Corrective actions are available in paragraph 2.C and reference A. Additional code is available from the AFCERT at: ftp://afcert.kelly.af.mil/pub/acm_tools/adv00-004-samples.exe This page will be available starting Friday, 11 Feb 2000, and will be continually updated as "best practice" code becomes available. If MAJCOMs wish to submit code modules for other bases to use, please email them to afcert@afcert.kelly.af.mil. 4. The AFCERT wishes to thank the Microsoft Corporation, DoD/CERT and the CERT for providing the information above. 5. If you are not part of the Air Force community, please contact your agency's response team to report incidents. Other teams include DISA-ASSIST team, Army's ACERT, Navy's NAVCIRT, DARPA's CERT/CC, DOE's CIAC, and NASA's NASIRC. Your agency's team will coordinate with the AFCERT. 6. AFCERT Advisories, Bulletins, and Virus Notifications, ASSIST Bulletins, The DoD Anti-Viral product and other security tools are available on our anonymous ftp server. ********************************************************************* * DO NOT REDISTRIBUTE BEYOND THE DOD AND DOD CONTRACTUAL * * SUPPORT COMMUNITIES OR EDIT THIS DOCUMENT IN ANY WAY * * UNLESS AFCERT GRANTS EXPRESS PERMISSION TO DO SO. * * DISSEMINATE AND MAINTAIN ONLY ON DOD CONTROLLED COMPUTER * * NETWORKS. * * * * THE DOD AND DOD CONTRACTUAL SUPPORT COMMUNITIES INCLUDE * * INDIVIDUALS WITHIN THE DOD COMMUNITY OR OPERATING IN SUPPORT * * OF A DOD CONTRACT, GRANT, OR INTER-AGENCY AGREEMENT. * * * * QUESTIONS REGARDING THIS DOCUMENT OR REQUESTS FOR PERMISSION * * TO EDIT OR REDISTRIBUTE SHOULD BE DIRECTED TO AFCERT USING * * ONE OF THE METHODS LISTED BELOW: * * * * AFIWC/EAA DSN: 969-3157 * * 102 HALL BLVD STE 215 COML: (210)977-3157 * * SAN ANTONIO TX 78243-7013 HOTLINE: 1(800)854-0187 * * * * _/_/ _/_/_/_/ _/_/_/ _/_/_/_/ _/_/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/ _/ _/_/_/ _/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/ _/_/_/_/ _/ _/ _/ AIR FORCE COMPUTER EMERGENCY RESPONSE TEAM IP BULLETIN 00-0103 07 Mar 00 - 1400Z DO NOT REDISTRIBUTE OUTSIDE OF DOD CHANNELS WITHOUT EXPRESS PERMISSION FROM THE AFCERT Subject: AFCERT IP Bulletin for 06 - 07 Mar 2000 EXECUTIVE SUMMARY: This message contains new and updated AFCERT initiated IP blocks. Each of the following actions was taken due to AFCERT probing thresholds being met and appropriate blocking actions being initiated. A probe should be considered a precursor to further activity. Information has been passed to appropriate intellegince organizations to determine if heightened awareness in the I&W system is warranted. 1. Each blocking action contains: Source IP and resolution, Blocked IP/Domain, Source Registration, Type of Probe, associated AFCERT Suspicious Event Report (SER), Start Date of the Probe, and a recommended blocking action removal date. A. SOURCE IP: 195.138.149.77 (fog-21.ssi.bg) BLOCKED IP/DOMAIN: 195.138.149.77 SOURCE REGISTRATION: Saga Style Ltd. Bulgaria TYPE OF PROBE: DNS SER: 2000-1157 START DATE: 05 Mar 00 BLOCK REMOVAL: 04 Apr 00 B. SOURCE IP: 24.95.50.74 (dhcp9550074.columbus.rr.com) BLOCKED IP/DOMAIN: 24.95.50.0 SOURCE REGISTRATION: TimeWarnerCable-RoadRunner- ColumbusOhio-NewRome-dhub-48-54 Columbus, Ohio TYPE OF PROBE: Multi-service SER: 2000-1168 START DATE: 06 Mar 00 BLOCK REMOVAL: 05 Apr 00 C. SOURCE IP: 216.17.150.52 (www.thecliq.org) BLOCKED IP/DOMAIN: 216.17.150.52 SOURCE REGISTRATION: Sean Reifschneider Fort Collins, Colorado TYPE OF PROBE: DNS SER: 2000-1175 START DATE: 06 Mar 00 BLOCK REMOVAL: 05 Apr 00 D. SOURCE IP: 212.56.16.8 (unknown.host.domain) BLOCKED IP/DOMAIN: 212.56.16.8 SOURCE REGISTRATION: Electronics & Software Pleven Bulgaria TYPE OF PROBE: Port 635 SER: 2000-1187 START DATE: 07 Mar 00 BLOCK REMOVAL: 06 Apr 00 E. SOURCE IP: 194.58.227.53 (d53.z194-58-227.relcom.ru) BLOCKED IP/DOMAIN: 194.58.227.0 SOURCE REGISTRATION: RELCOM/EUNET Moscow, Russia TYPE OF PROBE: Multi-service SER: 2000-1188 START DATE: 07 Mar 00 BLOCK REMOVAL: 06 Apr 00 The AFCERT contacted the Air Force Internet Control Center (AFINCC) and had the source IPs or domains blocked at AFINCC controlled routers. If your location has other access routes to the Internet, request you initiate similary blocking actions at the local level. AFCERT will coordinate with the AFINCC to discontinue blocking actions on AFIN controlled routers. Local blocking actions may be removed in accordance with the dates listed above. 2. Blocking action change and updates: A. Report Number: AFCERT IP Bulletin 00-0097 B. Paragraph: 1Q C. New Block: 195.188.192.0 D. Block Removal: 05 Apr 00 3. AFCERT action should not be construed as evidence of a belief that any particular person or entity associated with the IP is a witting participant in the intrusion activity. If you are not part of the Air Force community, please contact your agency's response team to report incidents. Other teams include DISA-ASSIST team, Army's ACERT, Navy's NAVCIRT, DARPA's CERT/CC, DOE's CIAC, and NASA's NASIRC. Your agency's team will coordinate with the AFCERT. 4. AFCERT Advisories, Bulletins, and Virus Notifications, ASSIST Bulletins, The DoD Anti-Viral product and other security tools are available on our anonymous ftp server. ********************************************************************* * DO NOT REDISTRIBUTE BEYOND THE DOD AND DOD CONTRACTUAL * * SUPPORT COMMUNITIES OR EDIT THIS DOCUMENT IN ANY WAY * * UNLESS AFCERT GRANTS EXPRESS PERMISSION TO DO SO. * * DISSEMINATE AND MAINTAIN ONLY ON DOD CONTROLLED COMPUTER * * NETWORKS. * * * * THE DOD AND DOD CONTRACTUAL SUPPORT COMMUNITIES INCLUDE * * INDIVIDUALS WITHIN THE DOD COMMUNITY OR OPERATING IN SUPPORT * * OF A DOD CONTRACT, GRANT, OR INTER-AGENCY AGREEMENT. * * * * QUESTIONS REGARDING THIS DOCUMENT OR REQUESTS FOR PERMISSION * * TO EDIT OR REDISTRIBUTE SHOULD BE DIRECTED TO AFCERT USING * * ONE OF THE METHODS LISTED BELOW: * * * * AFIWC/EAA DSN: 969-3157 * * 102 HALL BLVD STE 215 COML: (210)977-3157 * * SAN ANTONIO TX 78243-7013 HOTLINE: 1(800)854-0187 * * * * E-MAIL: AFCERT@AFCERT.KELLY.AF.MIL UNCLAS FAX: DSN 969-3632 * * FTP - FTP://AFCERT.KELLY.AF.MIL SECURE FAX: DSN 969-3633 * * WEB - HTTP://AFCERT.KELLY.AF.MIL IP ADDRESS: 137.242.142.199 * ********************************************************************* -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv _/_/ _/_/_/_/ _/_/_/ _/_/_/_/ _/_/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/ _/ _/_/_/ _/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/ _/_/_/_/ _/ _/ _/ AIR FORCE COMPUTER EMERGENCY RESPONSE TEAM IP BULLETIN 00-0104 08 Mar 00 - 1400Z DO NOT REDISTRIBUTE OUTSIDE OF DOD CHANNELS WITHOUT EXPRESS PERMISSION FROM THE AFCERT Subject: AFCERT IP Bulletin for 07 - 08 Feb 2000 EXECUTIVE SUMMARY: This message contains new and updated AFCERT initiated IP blocks. Each of the following actions was taken due to AFCERT probing thresholds being met and appropriate blocking actions being initiated. A probe should be considered a precursor to further activity. Information has been passed to appropriate intellegince organizations to determine if heightened awareness in the I&W system is warranted. 1. Each blocking action contains: Source IP and resolution, Blocked IP/Domain, Source Registration, Type of Probe, associated AFCERT Suspicious Event Report (SER), Start Date of the Probe, and a recommended blocking action removal date. A. SOURCE IP: 62.156.26.180 (p3E9C1AB4.dip0.t-ipconnect.de) BLOCKED IP/DOMAIN: 62.156.26.180 SOURCE REGISTRATION: Deutsche Telekom AG, Online Services Germany TYPE OF PROBE: FTP SER: 2000-1197 START DATE: 07 Mar 00 BLOCK REMOVAL: 06 Apr 00 B. SOURCE IP: 211.39.63.247 (unknown.host.domain) BLOCKED IP/DOMAIN: 211.39.63.247 SOURCE REGISTRATION: Korea Network Information Center South Korea TYPE OF PROBE: DNS SER: 2000-1204 START DATE: 07 Mar 00 BLOCK REMOVAL: 06 Apr 00 C. SOURCE IP: 208.14.45.41 (max-roc10-41.digital.net) BLOCKED IP/DOMAIN: 208.14.45.41 SOURCE REGISTRATION: Digital Decision, Inc. Cocoa, Florida TYPE OF PROBE: Sunrpc SER: 2000-1212 START DATE: 08 Mar 00 BLOCK REMOVAL: 07 Apr 00 D. SOURCE IP: 208.14.41.71 (max-roc9-71.digital.net) BLOCKED IP/DOMAIN: 208.14.41.71 SOURCE REGISTRATION: Digital Decision, Inc. Cocoa, Florida TYPE OF PROBE: Multi-service SER: 2000-1213 START DATE: 08 Mar 00 BLOCK REMOVAL: 07 Apr 00 E. SOURCE IP: 207.17.220.216 (unknown.host.domain) BLOCKED IP/DOMAIN: 207.17.220.216 SOURCE REGISTRATION: Universidad Nacional de Ingeneria Peru TYPE OF PROBE: Multi-service SER: 2000-1214 START DATE: 08 Mar 00 BLOCK REMOVAL: 07 Apr 00 F. SOURCE IP: 144.204.65.14 (ptiri-f.onera.fr) BLOCKED IP/DOMAIN: 144.204.0.0 SOURCE REGISTRATION: Office National d'Etudes et de Recherches Aerospatiales France TYPE OF PROBE: Multi-service SER: Not assigned START DATE: 06 Mar 00 BLOCK REMOVAL: 05 Aug 00 G. SOURCE IP: 212.43.32.10 (unknown.host.domain) BLOCKED IP/DOMAIN: 212.43.32.0 SOURCE REGISTRATION: Gestronic Net Switzerland Switzerland TYPE OF PROBE: Multi-service SER: 2000-1205 START DATE: 07 Mar 00 BLOCK REMOVAL: 06 Apr 00 The AFCERT contacted the Air Force Internet Control Center (AFINCC) and had the source IPs or domains blocked at AFINCC controlled routers. If your location has other access routes to the Internet, request you initiate similary blocking actions at the local level. AFCERT will coordinate with the AFINCC to discontinue blocking actions on AFIN controlled routers. Local blocking actions may be removed in accordance with the dates listed above. 2. Blocking action change and updates: A. Report Number: AFCERT IP Bulletin 00-0095 B. Paragraph: 1C C. New Block: 195.188.192.0 D. Block Removal: 05 Apr 00 A. Report Number: AFCERT IP Bulletin 00-0102 B. Paragraph: 1Q C. New Block: 24.112.0.0 D. Block Removal: 06 Apr 00 3. AFCERT action should not be construed as evidence of a belief that any particular person or entity associated with the IP is a witting participant in the intrusion activity. If you are not part of the Air Force community, please contact your agency's response team to report incidents. Other teams include DISA-ASSIST team, Army's ACERT, Navy's NAVCIRT, DARPA's CERT/CC, DOE's CIAC, and NASA's NASIRC. Your agency's team will coordinate with the AFCERT. 4. AFCERT Advisories, Bulletins, and Virus Notifications, ASSIST Bulletins, The DoD Anti-Viral product and other security tools are available on our anonymous ftp server. ********************************************************************* * DO NOT REDISTRIBUTE BEYOND THE DOD AND DOD CONTRACTUAL * * SUPPORT COMMUNITIES OR EDIT THIS DOCUMENT IN ANY WAY * * UNLESS AFCERT GRANTS EXPRESS PERMISSION TO DO SO. * * DISSEMINATE AND MAINTAIN ONLY ON DOD CONTROLLED COMPUTER * * NETWORKS. * * * * THE DOD AND DOD CONTRACTUAL SUPPORT COMMUNITIES INCLUDE * * INDIVIDUALS WITHIN THE DOD COMMUNITY OR OPERATING IN SUPPORT * * OF A DOD CONTRACT, GRANT, OR INTER-AGENCY AGREEMENT. * * * * QUESTIONS REGARDING THIS DOCUMENT OR REQUESTS FOR PERMISSION * * TO EDIT OR REDISTRIBUTE SHOULD BE DIRECTED TO AFCERT USING * * ONE OF THE METHODS LISTED BELOW: * * * * AFIWC/EAA DSN: 969-3157 * * 102 HALL BLVD STE 215 COML: (210)977-3157 * * SAN ANTONIO TX 78243-7013 HOTLINE: 1(800)854-0187 * * * * E-MAIL: AFCERT@AFCERT.KELLY.AF.MIL UNCLAS FAX: DSN 969-3632 * * FTP - FTP://AFCERT.KELLY.AF.MIL SECURE FAX: DSN 969-3633 * * WEB - HTTP://AFCERT.KELLY.AF.MIL IP ADDRESS: 137.242.142.199 * ********************************************************************* -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv Received: from kellyavgate.kelly.af.mil ([137.242.35.197]) by fsmbpb03.KELLY.AF.MIL with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.10) id 1H8N5A4B; Mon, 28 Feb 2000 15:12:45 -0600 Received: from 132.62.88.91 by KELLYAVGATE.KELLY.AF.MIL (InterScan E-Mail VirusWall NT); Mon, 28 Feb 2000 15:18:42 -0600 (Central Standard Time) Received: from knockout.kirtland.af.mil (root@localhost) by knockout.kirtland.af.mil with ESMTP id OAA05495 for ; Mon, 28 Feb 2000 14:14:27 -0700 (MST) Received: from ksmhmv02.kirtland.af.mil (ksmhmv02.kirtland.af.mil [132.62.229.5]) by knockout.kirtland.af.mil with ESMTP id OAA05491 for ; Mon, 28 Feb 2000 14:14:26 -0700 (MST) Received: by ksmhmv02.kirtland.af.mil with Internet Mail Service (5.5.2607.0) id ; Mon, 28 Feb 2000 14:14:26 -0700 Message-ID: From: Sessler LeeAnne A SrA 377 CEG/CEZL To: Ryan Joseph R MSGT 651MUNS/LGWC Subject: Good Afternoon. Date: Mon, 28 Feb 2000 14:14:24 -0700 X-MS-TNEF-Correlator: MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2607.0) Hi Joe, I have been home since Wednesday afternoon. I had to pick up Megan, she wasn't feeling well. I took her to sick call Thursday morning and they did a chest x-ray on her and the other simptoms that she has (high fever, throwing up, a rash, plus strepthroat) they said she had Namonia. But that I brought her in at a good time it was just starting. She is feeling alot better now. She is on Albuteral inhaler, flonase, Augmentin and some other medicine for allergies. She has her checkup Friday so maybe I can stop giving her some of the medicines then. The Sessler have a lot of allergies and I think Megan will have them as well, I don't have any so I will have to be carefull about her. Anyways I am doing good. I guess Chad will be moving into a townhouse he is renting. He went shopping for some furniture this weekend. He is nice to me, if he has something to say other than that we do our own thing. Not too different than before. I am keeping Sessler, I asked him and he said he didn't care. I kind of like it better than Holmes anyways. But I told him if he wants me to change it to let me know. I hope Madison had a good birthday. I reminded Chad to call but I don't think he did. I am thinking about getting Megan one of those jungle gym sets. I asked Chad if he would split the cost with me, he said he would. They are those new big play sets that are made of wood. She would like that. My boss told me today that Gen. Ryan is suppose to come and look at her house this Friday. Since we know the people that work in the housing office they need a guinney pig for the Gen to see some of the houses. I told her, he and his wife can come and see how old and small my house is, and my boss has a new larger house, but she also has 6 kids in a four bedroom house. Well I had better get going for now. I will write later. Love, Lee Anne --------------