[15600] in Athena Bugs
Re: sun4 8.1.11: ping
daemon@ATHENA.MIT.EDU (Elliot Schwartz)
Thu Oct 23 18:38:06 1997
From: Elliot Schwartz <elliot@MIT.EDU>
To: Jonathon Weiss <jweiss@MIT.EDU>
Cc: bugs@MIT.EDU
In-Reply-To: Your message of "Wed, 22 Oct 1997 01:32:49 EDT."
<199710220532.BAA27108@the-other-woman.MIT.EDU>
Date: Thu, 23 Oct 1997 18:38:00 EDT
The execute bit was intentionally removed from ping on the
dialups, because people were using compromised accounts to
ping flood. We haven't figured out a permanent solution yet.
If the solution to stop ping floods from dialups was to turn off access to
ping, does this mean that the compromised accounts were not disabled until
the user could change their password? If this is the case, I'd be worried
about what else might be done with the account. If the compromised accounts
were disabled, then shouldn't that solve the ping problem as well as help
out the user?
Could you explain why disabling the accounts (as I assumed would be done
under Athena Rules of Use and for the user's own protection) isn't the
solution being taken?
elliot
