vsh@uunet.uu.net (Steve Harris) (12/01/88)
What with all the publicity about the virus, management is suddenly becoming very security consicous. Simultaneously, I am in the process of purchasing additional modems and phone lines. They want to be sure our network will not be raped by some cracker dialing in on our new lines. The following solution has been proposed: When an outsider connects to a dial-in port, instead of getty/login, a special program receives the call, prompts for a username and return phone number (and perhaps baud rate), and disconnects. The program verifies the username and phone number against some file, and then calls the user back. When the connection is made, the user logs in as usual (presumably the program forks or execs getty or login). I can see that there might be some tricky stuff in writing such a program. Basically, much of the stuff getty does would have to be duplicated. Since I no longer have access to sources, I'd much rather use somebody else's program than write one from scratch. So... Does anybody out there have such a program? Or know of its existence in any of the source archives? BTW -- we are running Ultrix-32 (Rev. 2.2) on a uVax, and SunOS 3.[45] on numerous Sun 3's. I would think such a program would work on either system. Send email, I will summarize. Thanks in advance for any help. -- Steve Harris -- Eaton Corp. -- Beverly, MA -- uunet!etnibsd!vsh
rodgers@maxwell.mmwb.ucsf.edu (12/14/88)
In v7n31, Steve Harris writes: > What with all the publicity about the virus, management is suddenly > becoming very security consicous. ... They want to be sure our > network will not be raped by some cracker dialing in on our new lines. > The following solution has been proposed: ... > I can see that there might be some tricky stuff in writing such a program. > ... I'd much rather use somebody else's program than write one from scratch. We have had such a program running reliably for over 4 years. "Callback" is available as part of the System Manager's Toolkit (SMT), from the Berkeley Campus Software Office. Contact Claire LeDonne (ledonne@violet.berkeley.edu) for details. Good luck! R. P. C. Rodgers, M.D. Telephone: Statistical Mechanics of Biomolecules (415)476-8910 (work) Department of Pharmaceutical Chemistry (415)664-0560 (home) University of California, Box 1204 E-mail: Laurel Heights Campus, Room 102 ARPA: rodgers@cca.ucsf.edu 3333 California St. rodgers@maxwell.mmwb.ucsf.edu San Francisco CA 94118 BITNET: rodgers@ucsfcca USA UUCP: ...ucbvax.berkeley.edu!cca.ucsf.edu!rodgers
JDEBE@MTUS5.BITNET (12/16/88)
An alternate solution to you problem that you may want to consider is a
callback modem. We have one here at Michigan Tech.
The way it works is as follows:
1) The user calls the modem.
2) The modem asks for a userid, password combination and hangs up.
3) If the userid, password combination is valid, the modem calls
back to the userid's registered phone number and prompts for the
userid, password combination again.
4) Upon verification of the combination the connection is then passed
thru to the host.