Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ncar!noao!asuvax!yendor!stefan
From: stefan@yendor.phx.mcd.mot.com (Stefan Loesch)
Newsgroups: comp.unix.wizards
Subject: Re: Learning about remote users
Message-ID: <10561@yendor.phx.mcd.mot.com>
Date: 17 Mar 89 15:31:12 GMT
References: <199@minya.UUCP>
Reply-To: stefan@yendor.UUCP (Stefan Loesch)
Organization: Motorola Microcomputer Division, Tempe, Az.
Lines: 17

I once did something to learn about possible "hackerattacks" on a SYS V
Rel2 (later Rel 3) machine. You can only do it that way if you have src.
SYS V lets you specifie ports which are "remote", and subsequently asks
users who try to login on such ports for an additional dialup password
you specified. We had several remote ports, modem and X.25.
What I did, was modifying login.c, so that whenever the code for the
dialup password was executed, login would write the following data to a
certain logfile:
 username password dialuppassword time
It also would say, wether the try was "successful" or not.

I never found any breakin attempts, but as a side effect I could
easily tell why a remote uucp call failed (we had transatlantic
connection, so the lines were very bad mostly).

regards 
	stefan