Xref: utzoo comp.unix.admin:1007 comp.dcom.modems:8291 comp.misc:11446 Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!zaphod.mps.ohio-state.edu!mips!smsc.sony.com!dce From: dce@smsc.sony.com (David Elliott) Newsgroups: comp.unix.admin,comp.dcom.modems,comp.misc Subject: Re: Troubling phone calls Keywords: uucp, modem, security Message-ID: <1991Feb13.163415.21671@smsc.sony.com> Date: 13 Feb 91 16:34:15 GMT References: <1018@eplunix.UUCP> <13649@vpk3.UUCP> Sender: dce@smsc.sony.com (David Elliott) Reply-To: dce@smsc.sony.com (David Elliott) Organization: Sony Microsystems, San Jose, CA Lines: 27 In article <13649@vpk3.UUCP>, craig@attcan.UUCP (Craig Campbell) writes: |> Given the context of your posting, I will assume that you mean someone is |> trying to log in as nuucp. (uucp is a valid login for a shell prompt. If |> someone is REALLY trying to log in as uucp, then you are experiencing an |> attempt by someone to 'crack' your system. At 40 calls a day, most likely an |> automated attempt.) The important context got lost here. The original posting showed a listing from the "last" command indicating that someone was logging in as uucp, when he was saying that the uucp account was disabled. From what I saw, it wasn't that someone was "trying" to log in, but that someone *was* logging in. This indicates (to me) that there is an account with the same uid as uucp with a valid password, and that this was still working. I tried to reply to the original poster, but the mail bounced so I ignored the problem. -- ...David Elliott ...dce@smsc.sony.com | ...!{uunet,mips}!sonyusa!dce ...(408)944-4073 ..."His lower lip waved poutily with defiance..."