[99894] in RedHat Linux List
RE: security advice requested
daemon@ATHENA.MIT.EDU (Fred W. Noltie Jr.)
Tue Nov 17 13:31:31 1998
From: "Fred W. Noltie Jr." <criterion-consulting@usinternet.com>
To: <redhat-list@redhat.com>
Date: Tue, 17 Nov 1998 12:34:30 -0600
In-Reply-To: <Pine.LNX.4.03.9811171046190.615-100000@localhost.localdomain>
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
# -----Original Message-----
# From: Brent Sims [mailto:brent@rmi.net]
# Sent: Tuesday, November 17, 1998 11:59 AM
# To: redhat-list@redhat.com
# Subject: Re: security advice requested
#
#
# On Tue, 17 Nov 1998, Michael Jinks wrote:
#
# ->
# ->That's the point of communicating with the ISP which owns the
# ->originating addresses, and "tell don't sell"; if this is the only
# ->"incident" that's ever reported with that user, then nothing will come
# ->of it.
#
# Hang on a minute... just two weeks ago a spam complaint was filed
# with my ISP by someone who had subscribed to a low traffic mailing list
# that I run and then forgot that they had. They also took the liberty
# of complaining here and there... Now I've been with the same ISP for
# over two years now, my bill is current, and this was the first complaint
# of any type that they or any other Internet organization had ever received
# regarding little ol' me. And I'm still trying to recover from the fallout.
#
# A valid complaint is one thing... pipe dreams are another. And as
# someone who telnets into his own box as a matter of course, I can tell you
# in no uncertain terms that it often takes me more than 4 attempts and I
# don't even have a password on my user account.
#
# Assuming you owned the box, what are you gonna do? Shoot me
# cause I can't type my name, while trying to talk on the phone, drink a cup
# of coffee and scratch my _____ all at the same time?
#
#
# Peace be with you,
#
#
# Brent Sims
#
Granted, none of us know what my "visitor" was up to. That fact doesn't make
his visits harmless or evil. If it's silly to assume he was a cracker, it's
just as silly to assume he wasn't when we don't know. This is all the more
true given the fact that it happened on two different nights when I
presumably had two different IP's myself.
So - do you assume the person trying to open your door at 2 a.m. in the
morning is a crook or merely harmless -- a drunk who got lost, or someone in
distress? You may not *know*, but I'll bet you take precautions when you go
to meet him: and I wouldn't be surprised if you call the police.
I'm not saying that trying to telnet where you're not welcome is *exactly*
like breaking and entering, but it's an awful lot like it -- minus the
threat of personal bodily injury, I suppose. So it only seems to me to be
prudent to inform the ISP. As Michael Jinks said before in this thread, if
the ISP receives emails from multiple parties, there may be a problem.
Yes, it's no fun for the harmless drunk to be accosted by the police for
mistakenly trying to get into what he was sure was *his* house (not that
*you* are a drunk! :-))
It's no fun, either, for a person's box to be cracked because someone else
did nothing.
Thanks for the input,
Fred
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com http://archive.redhat.com
To unsubscribe: mail redhat-list-request@redhat.com with
"unsubscribe" as the Subject.
