Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!cis.ohio-state.edu!ucbvax!agate!agate!adrianho
From: adrianho@barkley.berkeley.edu (Adrian J Ho)
Newsgroups: comp.admin.policy
Subject: Re: Possibly nefarious users
Message-ID:
Date: 8 Jun 91 03:03:03 GMT
References: <2D.-_.N@cs.widener.edu> <1991Jun6.214915.18946@athena.mit.edu> <1991Jun7.164102.672@progress.com>
Sender: usenet@agate.berkeley.edu (USENET Administrator)
Organization: University of California, Berkeley
Lines: 60
In-Reply-To: matth@progress.COM's message of Fri, 7 Jun 1991 16:41:02 GMT

In article <1991Jun7.164102.672@progress.com> matth@progress.COM (Matthew J. Harper) writes:

[ "net-surfing" stuff deleted ]

>This is indeed a no-no. Not a whole lot is being done about it legally at the
>moment, but a few cases have come to trial and the accused have been found
>guilty of actions such as this. (Randomly banging on machines to try and
>gain access.)

How did they go about doing it? By trying for "guest" accounts, or sneakier means (password cracking, system bugs, etc.)? I'd say there's a _big_ difference -- in the latter case, you're trying to gain access *where no such access was ever provided for you in the first place.*

If the perpetrators you refer to gained access via "guest" accounts, I'd bet that they're on trial for _misuse_ of the account (eg. password cracking), *not* unauthorized access.

IMHO, unless a "guest" account user is notified somehow (eg. /etc/motd) that "this account is _only_ for use by faculty in Uni. of X", you don't have a case against anyone outside the U. using the same account, since the scope of "legal use" was not made known to him/her.

>Just because a guest account exists does not mean that it is there for all in
>the world to log in and look around!

Perhaps, but _why_ do you have a guest account on your machine to begin with, knowing full well that the world _can_ log in and look around? Aren't you concerned with system security?

> Perhaps if we looked at a different
>situation from the same outlook:

[ car-with-key-in-ignition analogy deleted]

> I think anyone would be pretty pissed if this happened.

Sure they would, but why did they leave their cars unlocked with the keys in the ignition to begin with?

> Is there really a difference?

Yeah, leaving your key in the ignition might be an honest mistake. I don't see creating a "guest" account as an honest mistake (if it was, you're not much of a sysadmin, are you?) Also, the car has an owner, and anyone . Who owns a guest account?

[Now you know why I hate analogies. They almost never completely describe the situation at hand.]

>Matth

To answer the original posting: Brendan, if I suspected one of the users on our cluster of doing "no-no"s on the net, I'd ask him/her if s/he has been doing such a thing. Even if the person is guilty and denies it, my question may give him/her the impression that you're on to the, er, "proceedings", which may very well be enough to halt the casual net-surfer. I'd also watch out for any abnormal activity on the system (the nature of such activity would of course depend on what you suspect the perpetrator to be up to).