[33079] in Hotline Meeting
Illegal remote logins on m66-080-12
daemon@ATHENA.MIT.EDU (Deepak Kumar)
Fri Apr 19 09:27:57 1996
To: hotline@MIT.EDU
Date: Fri, 19 Apr 1996 09:27:52 EDT
From: Deepak Kumar <deekay@MIT.EDU>
Hello,
I'm writing to inform you that someone at moonpie.mit.edu (which moira says is
registered to user jawhite, a grad student) is consistently logged on to
m66-080-12.mit.edu (public cluster SGI/IRIX) as root (console login). I've
changed the root password right now to "toorpass" because I had random
processes die on me (perhaps because they were killed by the remote user) - I
managed to log the remote user out by killing his shell process. I request
you to try and prevent further mischief by this user)."w" and "whodo" and
"netstat" show that this user is logging onto deen.mit.edu from this machine
(m66-080-12) - deen is in this same building (66) according to moira. User
jawhite, who is registered as owner of moonpie.mit.edu in moira, is a grad
student in chemical engineering.
Deepak.
