john@dutesta.UUCP ( ) (03/15/85)
At dutesta we have had severe problems with so called 'hackers' who
broke in into our VAX-750.
(An arcticle in the 'Volkskrant' 'Intermediar' and 'De Delftse Courant'.)
Embarrassing !
They namely did that with some knowledge of how people choose there passwords.
It seems to be very difficult for students and staff here to think of
passwords which are hard to guess.
The feature 'who', present at many systems and to be activated from login
was of much help for them too.
Delete that feature from /etc/passwd !
I think dutesta is rather save now; only two guesses are allowed on a
dialupline. If the right password is not typed in then the dialupline is
killed, the carrier is dropped and the line will be disabled for
at least 15 minutes.
Su also was given some treatment: no 'root' su's are allowed on a dialupline.
If there's enough interest then I'll send login.c and su.c to the net
or directly to you.
--
..!{decvax,philabs}!mcvax!dutesta!john
John Nellen, Delft Univ. of Technology