Troubling phone calls
Craig Campbell
craig at attcan.UUCP
Sat Feb 9 05:51:06 AEST 1991
In article <b0efha.ba2 at wang.com> fitz at wang.com (Tom Fitzgerald) writes:
>> Checking our dialup lines for security problems, I've noticed that *someone*
>> keeps calling us as uucp, something like 40 times a day. We haven't been a
>> uucp site for 3 years, at least, probably longer, and the old password is
>> locked on our machine.
>When you were a UUCP site, did you have different logins for each neighbor,
>or the same login for all neighbors? If the latter, you're screwed. If
>the former, you can watch for a "login <name>" process to be exec'd by
>getty when the machine tries to get in. The login process will last until
>uucico (or login) times out.
>I suppose you could try calling all your old neighbors, if you can remember
>them, to find out if you're still in their Systems file.
>---
>Tom Fitzgerald Wang Labs fitz at wang.com
>1-508-967-5278 Lowell MA, USA ...!uunet!wang!fitz
Given the context of your posting, I will assume that you mean someone is
trying to log in as nuucp. (uucp is a valid login for a shell prompt. If
someone is REALLY trying to log in as uucp, then you are experiencing an
attempt by someone to 'crack' your system. At 40 calls a day, most likely an
automated attempt.)
If you are comfortable with the uucp setup, then why not open the nuucp account
and set the valid commands to an empty set. Therefore, you should be able to
get a log file entry of the attempted communication, plus the calling machine's
identification.
Please, let me know how this turns out,
craig
P.S. If this turns out to be a security problem, on some systems there is a
"dialup" password option that requires selected external connections
to enter another dialup password. If you want more info, I can provide
same.
c.e.c.
More information about the Comp.unix.admin
mailing list