Xref: utzoo comp.unix.admin:997 comp.dcom.modems:8266 comp.misc:11417 Path: utzoo!mnetor!tmsoft!torsqnt!lethe!yunexus!ists!helios.physics.utoronto.ca!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!maverick.ksu.ksu.edu!ux1.cso.uiuc.edu!uicsl.csl.uiuc.edu!brando From: brando@uicsl.csl.uiuc.edu (Brandon Brown) Newsgroups: comp.unix.admin,comp.dcom.modems,comp.misc Subject: Re: Troubling phone calls Keywords: uucp, modem, security Message-ID: <1991Feb8.152028.9791@ux1.cso.uiuc.edu> Date: 8 Feb 91 15:20:28 GMT References: <1018@eplunix.UUCP> <1991Feb8.041641.6483@wsrcc.com> Sender: news@ux1.cso.uiuc.edu (News) Organization: University of Illinois at Urbana Lines: 23 wolfgang@wsrcc.com (Wolfgang S. Rupprecht) writes: >> Checking our dialup lines for security problems, I've noticed that *someone* >> keeps calling us as uucp, something like 40 times a day. We haven't been a >> uucp site for 3 years, at least, probably longer, and the old password is >> locked on our machine. >Why not put the uucp's back for a day or two. Just don't give them >any permission for reading/writing or executing anything. Then check >the log files and see who it was. Also, I wouldn't pound the people too hard when you find out. Chances are, if they are not charged for local calls, and the administrator is a "passive" one, they could have restored an old backup and accidentally overwritten the /usr/lib/uucp files. I have done it before....Problem is we DO get charge for local calls, so after $100 was wasted....I learned the hard way! +-----------------------------------------------------------------------------+ | Brandon Brown | Internet: brando@uicsl.csl.uiuc.edu | | Coordinated Science Laboratory | UUCP: uiucuxc!addamax!brando!brown | | University of Illinois | CompuServe: 73040,447 | | Urbana, IL 61801 | GEnie: xmg23356, macbrando | +-----------------------------------------------------------------------------+