Newsgroups: comp.admin.policy Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!uupsi!rodan.acs.syr.edu!jstewart From: jstewart@rodan.acs.syr.edu (Ace Stewart) Subject: Re: Possibly nefarious users Message-ID: <1991Jun10.164952.22417@rodan.acs.syr.edu> Organization: Syracuse Univ/Eastman Kodak Co. References: <2D.-_.N@cs.widener.edu> <1991Jun6.214915.18946@athena.mit.edu> <1991Jun7.164102.672@progress.com> Date: Mon, 10 Jun 1991 16:49:52 GMT In article <1991Jun7.164102.672@progress.com> matth@progress.COM (Matthew J. Harper) writes: >This is indeed a no-no. Not a whole lot is being done about it legally at the >moment, but a few cases have come to trial and the accused have been found >guilty of actions such as this. (Randomly banging on machines to try and >gain access.) Wait a minute. If you have a userid GUEST on your system, _expect_ people all over the internet to try to use it. If you want a limited group of people to use it, I suggest creating a userid of another color (i.e. different than guest) Why? Because guest is a _standard_ on the Internet. Now, if the user is banging on the machine in other accounts, or has found out there is a guest account and beats on it using the normal passwords and still refuses to stop after some time...well heck, let the sysadmin know (please, lets not get back into sysadmin authority) on the other end of the connection and leave it to them. Or, stop allowing access from that site. >Just because a guest account exists does not mean that it is there for all in >the world to log in and look around! Perhaps if we looked at a different >situation from the same outlook: Well...why is it there then? Do you take-out users which try to use anonymous FTP on your system, and if it doesn't have it, want to make sure that they lose their account? The userid anonymous is a standard, just like guest is. Whether or not the "Internet" started off with the idea of this doesn't matter now. It's too late :) > If you leave your car unlocked with the keys in the ignition, does this give >anyone who walks by the right to take it for a spin? Even if they return it >where they found it, nobody saw them do it, and there is really no proof that >they were there? What the heck is it with car analogies? If you leave your car unlocked and with the keys in it, and it gets stolen...I bet you dimes to donuts if you tell your insurance company that and try to get insurance for your stolen car, they'll tell you you're out of your mind and suggest buying a few Yugos if you want to do it again. Were they there? Well, if no one saw them do it, how the hell do I even know that anything was done that I should or should not be pissed about? We're discussing things and making issues of things we're not even sure happened!!! --Ace -- Ace Stewart | Affiliation: Eastman Kodak Company, Rochester, New York jstewart@rodan.acs.syr.edu jstewart@sunrise.bitnet jstewart@mothra.cns.syr.edu jstewart@sunspot.cns.syr.edu ace@suvm.bitnet rsjns@suvm.bitnet