Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!cbatt!ucbvax!OHIO-STATE.ARPA!jac
From: jac@OHIO-STATE.ARPA.UUCP
Newsgroups: mod.computers.vax
Subject: Re: ACL and Security Alarm.
Message-ID: <8702192139.AA07553@ohio-state.ARPA>
Date: Thu, 19-Feb-87 16:39:44 EST
Article-I.D.: ohio-sta.8702192139.AA07553
Posted: Thu Feb 19 16:39:44 1987
Date-Received: Sat, 21-Feb-87 02:38:18 EST
References: <8702190802.AA15961@ucbvax.Berkeley.EDU>
Sender: daemon@ucbvax.BERKELEY.EDU
Reply-To: osu-eddie!jac (Jim Clausing)
Organization: The Ohio State University, CIS Dept.
Lines: 24
Approved: info-vax@sri-kl.arpa

In article <8702190802.AA15961@ucbvax.Berkeley.EDU> ANK@CUNYVMS1.BITNET writes:
>>> Culprits dial bulletin boards, and run up hugh bills.....
> 
>Well All I can say in this regard is that you set up a log file
>for the dial-out-modems. I have had no problem tracing with
>a combination of ACCOUNTING and jnet's log. as to who was using
>which equipment. IF catching the culprit red-handed then its another
>story.
> 
>If the ACL does-not work on the modem write a .COM file that will
>be executed when-ever that modem is used.
> 
>                                                Anil Khullar
While the idea of having a command file that is executed everytime the modem
is used may be reasonable.  I think it can work only if said culprit isn't 
particularly well acquainted with the system.  They used this method on one 
system I used to be on, but I found the command file, made a copy of it, 
modified it to skip the journal portion and used my own version.  It isn't 
that I was doing anything with the modem that I wasn't particularly supposed 
to be doing, 98% of my use was legitimate, but it was the principal.  I really 
didn't want them to know that I occasionally used it at 3:00 AM on weekends.
The moral is, if there is a way to get ACCOUNTING to log it, it is much more
difficult (though nothing is impossible) for the user to circumvent the
measures.