Help: Need to foil intruder on my (AIX) system using ftp

Post by Peter Marda » Sat, 02 Mar 1996 04:00:00

Dear Mr. Thomas,

  If you want to fix the security problems without stirring
the pot, I suggest you use an anonymous remailer to let your
bosses and the sysadmin know that your system is being compromised.

  Someone else suggested that you run TCP wrappers to log and
deny access.  I use this approach myself, but it can be gotten
around also.

  It's important that you clean these people off your system,
because not only are your own machines at risk, but you may
be held liable for the damage these guys do FROM your systems
to other sites on the internet.




Post by Denice Deatri » Thu, 07 Mar 1996 04:00:00

>At my organization, our inept NIS/network administrators have blocked
>everyone's workstations in our area from accessing the internet
>through our gateway, except those who have justified getting access,
>authorized by management.
>Unfortunately, the access blocking mechanism they used is pathetically
>easy to get around:
>All our networked (AIX 3.25) systems are on an NIS LAN, with each
>user's account automounted.  They've blocked ftp and telnet by
>authenticating at the originating socket level, meaning that a request
>is authorized if it originates from the authorized system's IP
>address.  All any unauthorized user needs to do is rlogin to my
>system, and initiate the ftp request, and make transfers to globally
>available fileservers.

[snip some more]

Since you are using NIS, why don't you make a netgroup of users who are
allowed to log onto the machine, and install that netgroup in the passwd
file on the authorized machine. So in place of the usual NIS map token

instead of              +::0:0:::

Then people not in the group will not be able to log in.  If I have
understood your problem correctly, then this would help (at least until
you find something more elegant).


--> This moment's fortune cookie:
Heuristics are bug ridden by definition.  If they didn't have bugs,
then they'd be algorithms.
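
An added illustration of the netgroup suggestion in the post above, not code from the thread: it computes which NIS accounts a passwd file admits under the catch-all `+::0:0:::` entry versus a netgroup entry. The `+@inetusers` entry, the netgroup names and the user list are constructed assumptions, and the sketch assumes the usual rule that earlier `+`/`-` entries take precedence.

```python
import re

# Constructed sample data (not from the thread).
NETGROUP = """\
inetusers (,alice,) (,bob,) netadmins
netadmins (,carol,)
"""
NIS_USERS = {"alice", "bob", "carol", "dave", "eve"}   # accounts in the NIS passwd map
PASSWD_OPEN = "root:!:0:0::/:/bin/ksh\n+::0:0:::\n"    # catch-all: admits every NIS user
PASSWD_RESTRICTED = "root:!:0:0::/:/bin/ksh\n+@inetusers::0:0:::\n"  # assumed netgroup entry

def parse_netgroups(text):
    """Return {group: [members]}; a member is a triple or a nested group name."""
    rows = (line.split("#")[0].split() for line in text.splitlines())
    return {r[0]: r[1:] for r in rows if r}

def netgroup_users(name, groups, seen=None):
    """Expand a netgroup to user names, following nested groups and ignoring cycles."""
    seen = set() if seen is None else seen
    if name in seen or name not in groups:
        return set()
    seen.add(name)
    users = set()
    for member in groups[name]:
        m = re.fullmatch(r"\(([^,]*),([^,]*),([^)]*)\)", member)
        # An empty user field is a wildcard; it is not expanded in this sketch.
        if m and m.group(2) not in ("", "-"):
            users.add(m.group(2))
        elif not m:
            users |= netgroup_users(member, groups, seen)
    return users

def admitted_nis_users(passwd_text, groups, nis_users):
    """NIS accounts admitted by the +/- entries; earlier entries take precedence."""
    admitted, denied = set(), set()
    for line in passwd_text.splitlines():
        name = line.split(":")[0]
        if not name.startswith(("+", "-")):
            continue                      # ordinary local account
        target = name[1:]
        if target.startswith("@"):
            sel = netgroup_users(target[1:], groups)
        elif target:
            sel = {target}
        else:
            sel = set(nis_users)          # bare "+" is the catch-all
        sel = (sel & nis_users) - admitted - denied
        (admitted if name[0] == "+" else denied).update(sel)
    return admitted
```

Comparing the two results shows which accounts lose login on the authorized machine once the catch-all entry is replaced.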

