Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!rutgers!bellcore!texbell!ssbn!bill
From: bill@ssbn.WLK.COM (Bill Kennedy)
Newsgroups: news.admin
Subject: Re: Is uunet a security hole?
Summary: security for uucp connections
Keywords: uucp logins security
Message-ID: <300@ssbn.WLK.COM>
Date: 29 Dec 88 18:44:10 GMT
References: <10420@rpp386.Dallas.TX.US> <44465@beno.seismo.CSS.GOV>
Reply-To: bill@ssbn.WLK.COM (Bill Kennedy)
Organization: W.L. Kennedy Jr. and Associates, Pipe Creek, TX
Lines: 44

In article <44465@beno.seismo.CSS.GOV> rick@seismo.CSS.GOV (Rick Adams) writes:
>
>This is a PERFECT example of why you should have a separate login
>for each uucp connection.
>
>Anything less invites site "spoofing" as is taking place.
>
>--rick

I had a similar intrusion which prompted me to set up separate logins for
each uucp neighbor and separate Permissions appropriate to each site. That
managed to keep the cracker out but they still tormented the modems until
something more interesting distracted them.

I carried it still a step further (after new logins and passwords). The
attack that prompted me to do it was quite recent, not the successful
intrusion I refer to below. I set up a separate group that is exclusively
for uucp neighbors and my own local user account. I then removed "other"
execute permissions from uucico and Uutry and "other" write permissions from
almost everything. This keeps a mischievous local user (I'm not aware of
any) from running a uucico by hand and watching the phone number and login
information being displayed, or doing it with Uutry and having it saved to
a file! Putting my local account in that group lets me work with the
Systems, etc. files without having to su.

I'm almost glad this subject came up because it's a more benign reminder of
the need for security for uucp connections as well.
When this site was vandalized about two years ago it took a low level format
on the disks and a re-install to be certain that all of the holes got shut
(at least the ones I know about). I never expected an intruder to get into
uucico; I'm unsure what they could accomplish (other than what has already
been posted). The next measure for this site is to have a "gatekeeper"
system whose duties and capabilities are restricted to news and mail and
having the system with the sensitive data one level back from the phones.

Yes, I'd like to spread my paranoia. The memory of the incident that caused
the paranoia is as vivid as if it happened yesterday. I would have much
preferred becoming paranoid by reading a news article. Your system is not
secure since you have agreed to let it have uucp neighbors and telephone
access (nor is mine). That's all the more reason to be beady-eyed and
hard-nosed about what little security you have left.
--
Bill Kennedy  usenet      {killer,att,cs.utexas.edu,sun!daver}!ssbn!bill
              internet    bill@ssbn.WLK.COM