Xref: utzoo comp.unix.admin:982 comp.dcom.modems:8236 comp.misc:11400 Path: utzoo!attcan!craig From: craig@attcan.UUCP (Craig Campbell) Newsgroups: comp.unix.admin,comp.dcom.modems,comp.misc Subject: Re: Troubling phone calls Keywords: uucp, modem, security Message-ID: <13649@vpk3.UUCP> Date: 8 Feb 91 18:51:06 GMT References: <1018@eplunix.UUCP> Reply-To: craig@vpk3.ATT.COM (Craig Campbell) Organization: AT&T Canada Inc., Toronto Lines: 41 In article fitz@wang.com (Tom Fitzgerald) writes: >> Checking our dialup lines for security problems, I've noticed that *someone* >> keeps calling us as uucp, something like 40 times a day. We haven't been a >> uucp site for 3 years, at least, probably longer, and the old password is >> locked on our machine. >When you were a UUCP site, did you have different logins for each neighbor, >or the same login for all neighbors? If the latter, you're screwed. If >the former, you can watch for a "login " process to be exec'd by >getty when the machine tries to get in. The login process will last until >uucico (or login) times out. >I suppose you could try calling all your old neighbors, if you can remember >them, to find out if you're still in their Systems file. >--- >Tom Fitzgerald Wang Labs fitz@wang.com >1-508-967-5278 Lowell MA, USA ...!uunet!wang!fitz Given the context of your posting, I will assume that you mean someone is trying to log in as nuucp. (uucp is a valid login for a shell prompt. If someone is REALLY trying to log in as uucp, then you are experiencing an attempt by someone to 'crack' your system. At 40 calls a day, most likely an automated attempt.) If you are comfortable with the uucp setup, then why not open the nuucp account and set the valid commands to an empty set. Therefore, you should be able to get a log file entry of the attempted communication, plus the calling machine's identification. Please, let me know how this turns out, craig P.S. If this turns out to be a security problem, on some systems there is a "dialup" password option that requires selected external connections to enter another dialup password. If you want more info, I can provide same. c.e.c.