[91] in bugtraq
Re: Another request for passwords
daemon@ATHENA.MIT.EDU (Charles Howes)
Sun Oct 23 23:46:34 1994
Date: Sun, 23 Oct 1994 19:32:25 -0700 (PDT)
From: Charles Howes <chowes@helix.net>
To: Paul Robinson <tdarcos@TDR.COM>
Cc: "Douglas R. Floyd" <dfloyd@paris.eng.utsa.edu>, bugtraq@crimelab.com
In-Reply-To: <Pine.SUN.3.91.941023135322.3552J-100000@access1.digex.net>
On Sun, 23 Oct 1994, Paul Robinson wrote:
> On Sun, 23 Oct 1994, Charles Howes wrote:
>
> >
> > Argh. This is the third mailbomb. I'm supposed to be in charge of
> > security; how do you protect against this??!?
> >
> > We're using shadow passwords as of tonight, and tcp wrappers as of
> > last month. The bugger keeps signing on via modem, and this is a
> > problem. We can't afford callerid.
>
> You shouldn't have to spend money on caller id when there is someone
> known to be breaking into your system. Ask the phone company to put
> trap and trace on your system and that you will unconditionally agree to
> prosecute whoever they catch doing this. You should not have to pay
> *anything* to get them to find the party committing harassment and
> possibly other crimes.
>
> If you are in Canada the rules might be different and they might be
> allowed to charge you, but a big stink about it and a strong letter to
> the CRTC and local newspapers might change their mind.
The phone company *did* put a trace on our line a while ago, but it
wasn't successful because it requires two calls; the first to
establish the prefix, at which point they set up a trace in that
prefix. The records come in the day after the event. Thus, it takes
two bad phonecalls separated by at least a day to trace the offender.
Caller id makes things a lot easier.
--
Charles Howes -- chowes@helix.net
Always tell the truth, then you make it the other bloke's problem!
- Sean Connery, 1971
