[14379] in Athena Bugs

No subject found in mail header

daemon@ATHENA.MIT.EDU (larugsi@MIT.EDU)
Thu Jun 6 17:07:41 1996

From: larugsi@MIT.EDU
Date: Thu, 6 Jun 96 17:07:38 -0400
To: bugs@MIT.EDU

/***** hector:hotline / priam!phnelson /  3:05 pm  Jun  6, 1996*/
From phnelson@kumera.mit.edu  Thu Jun  6 15:05:52 1996
From: phnelson@kumera.mit.edu
To: hotline@MIT.EDU
Cc: phnelson@kumera.mit.edu
Subject: unauthorized access to cheindy2
Date: Thu, 06 Jun 96 15:08:10 -0400

Dear Athena Hotline,

Here is the output of top:

IRIX cheindy2 5.2 07261423 IP22 Load[2.14,2.13,2.00] 14:49:07   48 procs
    user   pid  pgrp   %cpu proc  pri  size   rss    time  command        
    7820 12151 12151  48.43    *   84  1160    38 10266:59  aaaa002xr
    7820 13834 13834  48.37    *   86  1192    45 9023:49  aaaa003OA
phnelson 20037 20037   0.52    0   60   403   111    0:00  top
    root   522     0   0.05    *   26   408    32   20:41  mediad
    root 20011   185   0.02    *   26   354    75    0:00  telnetd
    root   521   185   0.02    *   26   336    31    8:55  fam
    root   515   515   0.01    *   26   664   275    5:19  objectserver
    root     3     0   0.01    *  +39     0     0    6:51  bdflush
   17536  4315  4315   0.00    *   39   417    26    1:18  telnet
    8899 10285 10285   0.00    *   39   419    26    0:13  telnet
   16880 14986 14986   0.00    *   39   419    26    0:08  telnet          
    7820 12161 12161   0.00    *   26   311    10    0:25  xess3
     504 18398 18398   0.00    *   39   417    26    0:49  telnet
    7820 13844 13844   0.00    *   26   311    10    0:19  xess3           

[athena:~ ]  who
phnelson   ttyq5        Jun  6 14:48

users:
mehnert:*:17536:101:Christian P Mehnert,,,,:/mit/mehnert:/bin/csh
angelino:*:8899:101:Mark D Angelino,,,2536539,6172251660:/mit/angelino:/bin/athh
chenchi:*:16880:101:Chen-Chi Wang,,,,6176219589:/mit/chenchi:/bin/athena/tcsh
emorales:*:504:101:Elizabeth Morales,,,,6174642146:/mit/emorales:/bin/athena/tch

are not authorised for telnet access and do not appear in the /etc/passwd
or /etc/passwd.local files, although the userids are of people within the
ChemE Dept who have access to the console. Maybe the telnets were
started while the legit users were logged on?

Here is the output of:

[athena:/etc ]  ps -ef |grep telnet
00017536  4315     1  0   May 19 ?        1:18 telnet vax.ox.ac.uk 
00016880 14986     1  0   Jun 04 ?        0:08 telnet ereq 
00000504 18398     1  0   May 25 ?        0:49 telnet ccwf.cc.utexas.edu 
    root 20011   185  0 14:47:56 ?        0:00 telnetd 
00008899 10285     1  0   Jun 03 ?        0:14 telnet ereq 
phnelson 20060 20015  0 14:59:09 pts/5    0:00 grep telnet 

I will email the local users and ask them if they have ever telnetted to
cheindy2.

Help! Please let me know what to do.

If you have any questions, please feel free to send me email.

Regards,
        Peter Nelson
   phnelson@kumera.mit.edu
  http://kumera.mit.edu/pww/ 

/* ---------- */
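
Added example (not part of the original message or of Athena's tooling): a triage filter for the pattern visible in the ps -ef listing above, where the owner column is a bare numeric uid and the parent pid is 1. It assumes that ps prints the number when it finds no name for the uid, and that PPID 1 means the session that started the process has exited; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Reads `ps -ef` output on stdin and reports processes that
#   (a) are owned by a uid ps printed as a bare number (assumption: no local
#       passwd entry was found for it), and
#   (b) have PPID 1, i.e. they outlived the session that started them.

orphaned_unknown_uid() {
    awk '
    $1 ~ /^[0-9]+$/ && $3 == 1 {
        # STIME is "Mon DD" (two fields) for processes started on an earlier
        # day and HH:MM:SS (one field) otherwise, so CMD begins at 9 or 8.
        first = ($5 ~ /^[A-Z][a-z][a-z]$/) ? 9 : 8
        cmd = ""
        for (i = first; i <= NF; i++)
            cmd = cmd (cmd == "" ? "" : " ") $i
        # $1 + 0 strips the zero padding so the uid can be matched against
        # the uid field of the passwd-style entries.
        printf "uid=%d pid=%s cmd=%s\n", $1 + 0, $2, cmd
    }'
}

# The ps -ef lines quoted in the message above, embedded so this runs offline.
sample_ps() {
cat <<'EOF'
00017536  4315     1  0   May 19 ?        1:18 telnet vax.ox.ac.uk
00016880 14986     1  0   Jun 04 ?        0:08 telnet ereq
00000504 18398     1  0   May 25 ?        0:49 telnet ccwf.cc.utexas.edu
    root 20011   185  0 14:47:56 ?        0:00 telnetd
00008899 10285     1  0   Jun 03 ?        0:14 telnet ereq
phnelson 20060 20015  0 14:59:09 pts/5    0:00 grep telnet
EOF
}

sample_ps | orphaned_unknown_uid
```

On a live host the input would be `ps -ef | orphaned_unknown_uid`; each reported uid still has to be matched to an account and its owner asked about the session before drawing a conclusion.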