Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: Notesfiles $Revision: 1.7.0.10 $; site svo.UUCP
Path: utzoo!watmath!clyde!cbosgd!ihnp4!inuxc!pur-ee!uiucdcs!okstate.UUCP!svo.UUCP!ks
From: ks@svo.UUCP
Newsgroups: net.crypt
Subject: Re: Re; foiling password crackers
Message-ID: <10500003@svo.UUCP>
Date: Fri, 14-Mar-86 03:19:00 EST
Article-I.D.: svo.10500003
Posted: Fri Mar 14 03:19:00 1986
Date-Received: Sun, 16-Mar-86 08:47:34 EST
Lines: 40
Nf-ID: #R:<8602271858.AA11517@ucbvax.berke:-40:svo.UUCP:10500003:000:1902
Nf-From: svo.UUCP!ks Mar 14 02:19:00 1986

/* Written 7:49 pm Mar 7, 1986 by ugbowen@sunybcs.UUCP in svo.UUCP:net.crypt */

I think a better way to ensure that you have time to trace the call would be to set up a mock account as a default account that would be automatically logged into after a number of unsuccessful attempts. This account could have seemingly important files and programs. This would encourage the hacker to stay on the system for a long period of time. Logging into this account would also alert security and they could trace the call.

...

Devon E

/* End of text from svo.UUCP:net.crypt */

This, of course, is (almost) the way that the folks at one ARPAnet site dealt with an intruder. I will try to pull up and post the old archived copy of an article which reid@Glacier sent me about it.

Essentially, they baited the intruder (who was exploiting a bug on a UNIX system whereby the default PATH included a directory which was world writable; you can guess the rest). Each day he would find new 'powers' and would allow the law enforcement community to track the intruder. Unfortunately, just as the FBI was about to close in, the person stopped calling--very coincidentally with the arrest of several hackers in Los Angeles CA, which is the point from which the calls were rumored to have originated. The intruders used several network entry points, including Telenet and ARPAnet hosts, and 'old' accounts, to travel on the Internet.

This is one reason why I believe that Internet access should be more closely audited by the various NOCs, and physical security should be more robust. I will make this point more clear in a related posting in RISKS-FORUM shortly...

What are your views? Do you care about information security? Cryptology is a very important part of creating reasonable access control, authentication, and validation!

Cheers.

Kurt F. Sauer
Tulsa, Oklahoma
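
The misconfiguration named in the post above, a default PATH that includes a world-writable directory, can be checked for with a short audit. This is an added example, not part of the original article; the function name audit_path is hypothetical, and flagging empty and relative entries (which resolve to the current directory) goes beyond the world-writable case the post names.

```shell
#!/bin/sh
# Added example: audit a PATH string for entries where any local user
# could place a program that a later command lookup would run.
# audit_path is a hypothetical helper name, not from the original post.

audit_path() {
    rest="$1:"                       # trailing colon so the loop sees the last entry
    while [ -n "$rest" ]; do
        entry=${rest%%:*}            # text before the first colon
        rest=${rest#*:}              # everything after that colon
        case $entry in
            "") echo "IMPLICIT-CWD (empty entry)"; continue ;;
            /*) ;;                   # absolute path: inspect its mode below
            *)  echo "RELATIVE $entry"; continue ;;
        esac
        [ -d "$entry" ] || continue  # entries that are not directories are skipped
        # -L follows symlinks so the mode of the real directory is examined.
        mode=$(ls -ldL -- "$entry" | cut -c1-10)
        case $mode in
            # Character 9 of the mode string is the "other" write bit.
            # The sticky bit does not help here: new files can still be created.
            d???????w?) echo "WORLD-WRITABLE $entry ($mode)" ;;
        esac
    done
    return 0
}

# Audit the PATH given as the first argument, or the current one.
audit_path "${1:-$PATH}"
```

No output means no entry was flagged; each printed line names one entry to remove from PATH or to tighten with chmod.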