Re: Another request for passwords

Charles Howes (chowes@helix.net)
Thu, 27 Oct 1994 01:20:48 -0700 (PDT)

On Mon, 24 Oct 1994, Doug McLaren wrote:

> As far as neat sendmail headers, the one I got had this:
> 
>    From vanepp@sfu.ca  Sat Oct 22 23:30:14 1994
>    Received: from trance.helix.net (root@helix.net [142.231.37.2]) by algol (8.6.9/8.6.9) with ESMTP id XAA28350 for <dougmc@slip-4-15.ots.utexas.edu>; Sat, 22 Oct 1994 23:30:11 -0500
>    Received: from  (girling@helix.net [142.231.37.2]) by trance.helix.net (8.6.9/Trance.helix.net 8.6.9) with SMTP id VAA08021 for dougmc@slip-4-15.ots.utexas.edu; Sat, 22 Oct 1994 21:34:25 -0700
> 
> Isn't identd fun?  Sure, it's possible that this was spoofed, or is
> just plain incorrect, but I'd bet $ that the bozo just screwed up.
> Looks like he telneted to the sendmail port on his own machine ...

Yep, I'm glad I installed it.  Not only does it catch novice crackers,
but it also points out when you've got an expert cracker, by the
absence of identd info from a formerly identd site.  A super cracker
will be able to fake the identd such that it blames someone who was on
at the time and also has the knowledge and motive to forge mail,
and forging all process accounting records too.  Oh, yeah, and faked
keystroke logs, if *that* is happening.

You know, the kind of perfect frame-up that is so rarely seen these days?

> -- 
> Doug McLaren, dougmc@comco.com, 512-467-0618, ext 28
> 

--
Charles Howes -- chowes@helix.net
 Always tell the truth, then you make it the other bloke's problem! 
 - Sean Connery, 1971
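
Added example, not part of the original message or either poster's code: a header check that pulls the ident user and HELO name out of Received: lines in the sendmail 8.6 layout quoted above, and flags a relay that stops supplying ident after having supplied it before. The function names and the third header line are constructed for illustration; the regex covers only the layout shown in the quoted headers.

```python
import re

# "from <helo> (<ident>@<host> [<ip>])" as sendmail 8.6 writes it in the headers
# quoted above; the HELO name and the ident user may each be absent.
RECEIVED_FROM = re.compile(
    r"^Received:\s+from\s*(?P<helo>[^\s(]*)\s*"
    r"\((?:(?P<ident>[^@\s()]+)@)?(?P<host>[^\s\[\]()]+)\s+\[(?P<ip>[\d.]+)\]\)"
)

def parse_received(line):
    """Return helo/ident/host/ip for one Received: line, or None if it does not match."""
    m = RECEIVED_FROM.match(line.strip())
    return m.groupdict() if m else None

def review(headers, ident_seen=None):
    """Flag notable hops. ident_seen is the set of relay IPs that supplied an
    ident user in earlier mail; the updated set is returned with the findings."""
    ident_seen = set(ident_seen or ())
    findings = []
    for line in headers:
        hop = parse_received(line)
        if hop is None:
            continue
        ip = hop["ip"]
        if not hop["helo"]:
            findings.append((ip, "empty HELO name"))
        if hop["ident"]:
            ident_seen.add(ip)
            findings.append((ip, "ident user: " + hop["ident"]))
        elif ip in ident_seen:
            findings.append((ip, "no ident from a host that used to supply it"))
    return findings, ident_seen

# The two Received: lines quoted in the message.
QUOTED = [
    "Received: from trance.helix.net (root@helix.net [142.231.37.2]) by algol (8.6.9/8.6.9) with ESMTP id XAA28350 for <dougmc@slip-4-15.ots.utexas.edu>; Sat, 22 Oct 1994 23:30:11 -0500",
    "Received: from  (girling@helix.net [142.231.37.2]) by trance.helix.net (8.6.9/Trance.helix.net 8.6.9) with SMTP id VAA08021 for dougmc@slip-4-15.ots.utexas.edu; Sat, 22 Oct 1994 21:34:25 -0700",
]
# Constructed line (not from the message): same relay, ident user absent.
LATER = ["Received: from trance.helix.net (helix.net [142.231.37.2]) by algol (8.6.9/8.6.9) with ESMTP id XAA00000; Sun, 23 Oct 1994 10:00:00 -0500"]

if __name__ == "__main__":
    first, seen = review(QUOTED)
    later, _ = review(LATER, seen)
    for ip, note in first + later:
        print(ip, note)
```

The ident value is whatever the connecting host chose to report, so a finding here is a lead to check against other records, not proof of who sent the mail.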