Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!cuae2!ihnp4!ptsfa!lll-lcc!ames!ucbcad!ucbvax!RELAY.CS.NET!jon%gaia.UUX%ncar.CSNET
From: jon%gaia.UUX%ncar.CSNET@RELAY.CS.NET.UUCP
Newsgroups: mod.computers.vax
Subject: Security alarms for device access
Message-ID: <8702130055.AA18946@hao.UCAR.EDU>
Date: Thu, 12-Feb-87 19:55:05 EST
Article-I.D.: hao.8702130055.AA18946
Posted: Thu Feb 12 19:55:05 1987
Date-Received: Sat, 14-Feb-87 15:07:33 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 25
Approved: info-vax@sri-kl.arpa


	Our dialout modem ports have attracted the attention of management
lately -- somebody has apparently been calling bulletin board systems all
over the country and running up bills in the thousands of dollars.  Now,
it's easy to cut off access to the ports, but I would really like to find
out just who has been doing this.

	Unfortunately, as far as I can tell, security alarm ACL's do not
work on devices.  I can say:

	$ set acl /object=device /acl=(alarm_journal=security, -
			access=read+write+success+failure) ttd0

and the system is happy.  SHOW DEVICE will list off that ACL as being on
the device.  ACL security alarms are turned on.  Nonetheless, the alarm
does not happen when people dial out through the port.

	So...does anybody have any ideas, or does this simply not work?

Thanks...
----
Jonathan Corbet
National Center for Atmospheric Research, Field Observing Facility
{seismo | hplabs | gatech}!hao!gaia!jon
{ucbvax | allegra | cbosgd}!nbires!gaia!jon