How to kill telnet site info?!?!?!?!


Post by Nikolaos Daniel Willmo » Tue, 11 Jan 1994 06:13:05



I am asking again, the question I have gotten no answer to in another post:

When I telnet to my personal account at Netcom ("normal" Unix account),
how do I hack away the readily available info on what site (work) I am
telnetting in from. I have learned (in theory) how to kill the 'w'
info about what commands I am using, but NOT how to remove the telnet
info. The gossipy people at my site who read Usenet can thus easily figure

doing 'rusers' on the site I am telnetting in from.

If there was a site not allowing fingering, that I could telnet to and then
telnet to Netcom from....

Please do not post just to say "Uh, I don't think you can do that..."
unless you regularly post to comp.unix.wizards and do not get flamed for
doing so. Thanks. -Nik

 
 
 


Post by Daniel G. Pouzzn » Tue, 11 Jan 1994 08:29:03


Uh, I don't think you can do that...

*grin*

to explain:

when you open a session to another machine, typically via TCP/IP, each
machine's kernel maintains descriptors sufficient to reveal the _peer_.
theoretically, a unix machine could be configured such that these
descriptors are hidden from everyone but root and their owner (if
other than root). this is way far from reality, however. 'ps' is just
the beginning of your problems if you're trying to achieve the privacy
you're entitled to. you already know about the 'fingerd' situation. in
addition, some machines accept requests on a 'who' port that provides
info similar to that of 'finger.' there's also a 'systat' port
sometimes enabled that sends the output of 'ps aux' to anyone on the
net. these are just the most obvious and egregious violations. there
are many more. there is a program named 'netstat' that will reveal all
open connections and their peers, including statistics on the "more
secure" unix domain sockets (though the info provided for the unix
domain sockets isn't very informative). once you've anonymized your
programs so that 'ps' doesn't reveal anything (on some systems, this
is impossible. in SunOS 4.x, ps has a switch that causes it to display
the internally maintained kernel labels, instead of the argv actually
passed to the program. only root can change this, and then only by
going to quite a bit of trouble), and figured out how to send
anonymous email and netnews posts, the very existence of a peer still
leaves you vulnerable. ok, enough technoramble. how would you create a
machine that respected people's rights?

i did this once. it had hacked versions of login, fingerd, and didn't
allow netstat. ps, a necessary diagnostic tool for everyone, was still
available, but since users can achieve an arbitrary degree of
deception as far as their program labels are concerned (by renaming
the program "toot" and killing argv) this isn't an issue. login had
the ability to specify users whose machines of origin were to be
concealed. moreover, users in this list (the "paranoid" list,
/etc/paranoid) were required to use kerberos authentication to log in.
this absolutely prevented the violation of their account, since the
users' passwords never passed over the net in cleartext.

the problem here is that a normal user has no ability whatever to
control host attributes. the only way to get any privacy is by
contacting the sysadmin of the host in question, and this may be
fruitless anyway.

ok, so in conclusion, as but a "lowly user" your only reliable
recourse for reasonable anonymity is to insert a hunk of phone-net
somewhere in your connection. i promise you traceroute won't make the
hop into your modem. :-)
--

Key fingerprint =  0B 99 0D 4F E8 55 9A 95  43 C1 7F B5 DF 8F E3 33



 
 
 


Post by Barry Margol » Tue, 11 Jan 1994 09:35:31



>When I telnet to my personal account at Netcom ("normal" Unix account),
>how do I hack away the readily available info on what site (work) I am
>telnetting in from.

Try "exec login".  This will prompt you again for your user name and
password, and will then re-login.  Since this login is considered local
rather than network, it won't have a host name.  And since it's on the same
terminal as the original login, it will overwrite the entry in /etc/utmp.

Note, however, that this won't erase the info in the log that "last"
displays.
--
Barry Margolin
System Manager, Thinking Machines Corp.
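
The reply above separates the live /etc/utmp entry from the login history that "last" reads. The following is an added example, not part of any post in this thread: it reads a login history and flags a host-less login that replaced a still-open remote login on the same terminal line, reporting the original host. It assumes the Linux/glibc 384-byte record layout and that the re-login is also appended to the history; the function names and sample records are constructed for illustration.

```python
import struct

# Assumed layout: Linux/glibc struct utmp (384 bytes). 1994-era systems used other layouts.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
USER_PROCESS, DEAD_PROCESS = 7, 8

def pack(ut_type, line, user="", host="", ts=0, pid=0):
    """Build one constructed record for the sample below."""
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, ts, 0, 0, 0, 0, 0, b"")

def text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode(errors="replace")

def parse(blob):
    """Yield (type, line, user, host, time) per complete record; a short tail is ignored."""
    for off in range(0, len(blob) - UTMP.size + 1, UTMP.size):
        f = UTMP.unpack_from(blob, off)
        yield f[0], text(f[2]), text(f[4]), text(f[5]), f[9]

def relogins_hiding_origin(blob):
    """Flag host-less logins that replaced a still-open remote login on the same line."""
    open_lines = {}  # line -> (user, origin host, login time)
    findings = []
    for ut_type, line, user, host, ts in parse(blob):
        if ut_type == DEAD_PROCESS:
            open_lines.pop(line, None)  # session ended normally
        elif ut_type == USER_PROCESS:
            prev = open_lines.get(line)
            if prev and prev[1] and not host:
                findings.append({"line": line, "user": user, "previous_user": prev[0],
                                 "origin": prev[1], "first_login": prev[2], "relogin": ts})
                host = prev[1]  # carry the origin forward across repeated re-logins
            open_lines[line] = (user, host, ts)
    return findings

# Constructed sample history (not real data).
SAMPLE = b"".join([
    pack(USER_PROCESS, "pts/3", "alice", "workstation.example.com", 1000),
    pack(USER_PROCESS, "pts/3", "alice", "", 1060),   # re-login, no logout record between
    pack(DEAD_PROCESS, "pts/3", ts=2000),
    pack(USER_PROCESS, "tty1", "bob", "", 3000),      # genuine console login
    pack(USER_PROCESS, "pts/3", "carol", "dialup.example.net", 4000),
    pack(DEAD_PROCESS, "pts/3", ts=4500),
    pack(USER_PROCESS, "pts/3", "carol", "", 4600),   # new session after a logout
])

if __name__ == "__main__":
    for hit in relogins_hiding_origin(SAMPLE):
        print(hit)
```

The console login and the login that follows a logout record are not flagged; only the login that overwrote an open remote session is.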


 
 
 
