DHASKIN@CLARKU.BITNET.UUCP (04/02/87)
Hi gang -

Here's an interesting one; as usual, we occasionally get people trying to guess other people's passwords and gain access to their accounts, which in general we don't like but like even less when the account they're trying to crash is owned by a senior administrative member (a VP or Provost, for example). When this happens we peruse the operator log file and can often identify by inspection which person was most likely responsible -- we've been fairly successful in the past. However, take a look at the message (names have been changed):

    %%%%%%%%%%%  OPCOM  30-MAR-1987 17:02:16.99  %%%%%%%%%%%
    Security alarm on OLLIE / Local interactive breakin detection
    Time:      30-MAR-1987 17:02:16.83
    PID:       20200239
    User Name: SWEAVER
    Password:  GATEKEEPER
    Dev Name:  _LTA393:

We have a program to identify the actual physical server and port to which a LAT device is attached for a currently existing LAT terminal, but no way to go back and find out where LTA393: was after LTA393: has returned to the ether.

Has anyone had to deal with this problem? What steps did you take? I can think of a couple -- can one modify the OPCOM message to include this ancillary information (or will DEC maybe do this? Hello?)? Or do you log LAT terminal names and physical info to a file when they're created? Any other alternatives?

This information is not crucial (as I said, we are generally able to identify suspects) but would make the process much easier. Any ideas?

aTdHvAaNnKcSe,

% Denis W. Haskin                          Manager, Technical Services   %
% ----------------------------------------------------------------------- %
% DHASKIN@CLARKU.BITNET   Office of Information Systems   (617)793-7193   %
% Clark University        950 Main Street        Worcester MA 01610       %
%                                                                         %
% "Anyone who _moves_ before Most Holy comes back out will spend the rest %
% of eternity sipping lava through an iron straw."  - Cerebus             %
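
One of the alternatives raised in the post, logging each LAT terminal's server and port when the device is created, sketched as an added example (not part of the original post, and not DEC or Clark University code). The creation-log format, the server and port names, and the premise that an LTA name can be created more than once are assumptions made for illustration.

```python
import re
from datetime import datetime

VMS_TIME = "%d-%b-%Y %H:%M:%S.%f"

# The alarm as quoted in the post.
ALARM = """\
%%%%%%%%%%% OPCOM 30-MAR-1987 17:02:16.99 %%%%%%%%%%%
Security alarm on OLLIE / Local interactive breakin detection
Time: 30-MAR-1987 17:02:16.83
PID: 20200239
User Name: SWEAVER
Password: GATEKEEPER
Dev Name: _LTA393:
"""

# Constructed sample of a hypothetical site log: one line per LTA device creation.
CREATION_LOG = """\
30-MAR-1987 09:14:40.00 LTA393 SERVER=DS1_ADMIN PORT=PORT_2
30-MAR-1987 16:58:02.10 LTA393 SERVER=DS2_LIBRARY PORT=PORT_5
30-MAR-1987 16:59:30.45 LTA394 SERVER=DS1_ADMIN PORT=PORT_4
30-MAR-1987 17:20:11.00 LTA393 SERVER=DS3_DORM PORT=PORT_7
"""

def parse_alarm(text):
    """Return the 'Key: value' fields of an OPCOM security alarm as a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?):\s+(.*\S)", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def locate(alarm_text, creation_log):
    """Map the alarm's device to the (server, port) it had at alarm time."""
    alarm = parse_alarm(alarm_text)
    device = alarm["Dev Name"].strip("_:")
    when = datetime.strptime(alarm["Time"], VMS_TIME)
    best = None
    for line in creation_log.splitlines():
        date, clock, name, server, port = line.split()
        created = datetime.strptime(f"{date} {clock}", VMS_TIME)
        # A name may be reused: take the latest creation at or before the alarm.
        if name == device and created <= when and (best is None or created > best[0]):
            best = (created, server.split("=", 1)[1], port.split("=", 1)[1])
    return best and best[1:]

if __name__ == "__main__":
    print(locate(ALARM, CREATION_LOG))
```

Matching on the device name alone would return three candidate ports here; the alarm's own Time field is what selects the mapping that was live during the failed logins.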