You wrote: | >>>>> "EA" == Ed Arnold <era@ucar.edu> writes: | | EA> James Bonfield wrote: | >> A typical spoof would be: | >> | >> rlogin targethost -l -htargethost | >> | >> Then type in the user and password. It'll then appear to last, who and | >> probably finger, on targethost that the user has logged in from that | >> system, not from remotely. | EA> Both 4.1.3_U1 and AIX 3.2.5 appear to be safe ... | | But not on AIX 3.2.4, on this system this Trick does its work. Try the -f abuse on that 3.2.4 system. I seem to remember IBM fixing -h at the same time as -f. I think the syntax was rlogin -l -froot hostname Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume