[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: syslog options, OPIE (S/Key) -- When?

On Tue, 13 May 1997, Jim Dennis wrote:
>What is the command to extract this information from wtmp?


>I fail to see the full line of reasoning here.  If the cracker is
>"successful" he will have completed a successful passwd change he'll see
>that something on the system noticed it.  He may guess that a copy (Bcc:
>or separate) has gone to the sysadmin team -- and therefore guess that
>the gig will soon be up.  However -- I don't see how this will change the
>"successful" cracker's strategy.

It sounds like you're in an unusual environment, so this may not apply
to you.  Once the hacker gets in, he can impersonate the legitimate user
of the account, establish a working relationship with management, and
dispell suspicion.  By calling the user (or by using some other direct
contact method), you ensure that you aren't talking to the hacker,
you know you're talking to the legitimate user, and you don't give the
hacker any indication that you're aware of his possible presence (possibly
giving you a better chance of monitoring and catching the hacker).

    Steve Coile           P a t r i o t  N e t      Systems Engineering
 scoile@patriot.net      Patriot Computer Group        (703) 277-7737

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []