Bugtraq mailing list archives
Re: Another request for passwords
From: chowes () helix net (Charles Howes)
Date: Sun, 23 Oct 1994 18:37:45 -0700 (PDT)
On Sun, 23 Oct 1994, Rich Holland wrote:
you wrote:Yes, someone broke into an account here at Helix, and seems to have a grudge against one or more people. Vanepp in particular.Sounds like they've broken into more than one account there....Argh. This is the third mailbomb. I'm supposed to be in charge of security; how do you protect against this??!?I'd go through your lastlog, and call everyone who's logged in during the past 2 weeks. Ask them the last time they logged in. If what they say doesn't match, change their password, and force them to change it next time they login... Otherwise, look through your logs, find out where the mailbombs are coming from, and shut down those accounts. Turn on sendmail debugging to keep better logs. Run crack41-ufc over your password file; it appears someone else has already.
What we've done: - Did crack41-ufc. Too late. - Sendmail debugging is on. - Mailbombs are coming from cracked accounts. - Set up shadow passwords. - Set everyone's shell to /bin/crackedsh, which will print a message telling them to call us and confirm their existence. This should kill all crackers, once and for all. Now we need to start using Skey, if we want real security. -- Charles Howes -- chowes () helix net Always tell the truth, then you make it the other bloke's problem! - Sean Connery, 1971
Current thread:
- Re: Stupid crackers exploiting stupid users, (continued)
- Re: Stupid crackers exploiting stupid users Charles Howes (Oct 26)
- Sun Mouse Bug David J. Bianco (Oct 26)
- Network Volumetric Analysis (NVA) software Frank R. Swift (Oct 26)
- Re: Another request for passwords Justin J. Lister (Oct 23)
- Re: Another request for passwords christopher williams (Oct 23)
- Re: Another request for passwords Doug McLaren (Oct 24)
- Re: Another request for passwords Charles Howes (Oct 27)
- Re: Another request for passwords christopher williams (Oct 23)
- Re: Another request for passwords Chris Swanson (Oct 23)
- Re: Another request for passwords Charles Howes (Oct 23)
- Another request for passwords Brian Edmonds (Oct 23)
- Re: Another request for passwords Charles Howes (Oct 23)
- Re: Another request for passwords Charles Howes (Oct 23)
- Re: Another request for passwords Darragh Nagle (Oct 24)
- Re: Another request for passwords root () platon ee duth gr (Oct 27)