Bugtraq mailing list archives

Re: Another request for passwords


From: chowes () helix net (Charles Howes)
Date: Thu, 27 Oct 1994 01:20:48 -0700 (PDT)


On Mon, 24 Oct 1994, Doug McLaren wrote:

As far as neat sendmail headers, the one I got had this :

   From vanepp () sfu ca  Sat Oct 22 23:30:14 1994
   Received: from trance.helix.net (root () helix net [142.231.37.2]) by algol (8.6.9/8.6.9) with ESMTP id XAA28350
        for <dougmc () slip-4-15 ots utexas edu>; Sat, 22 Oct 1994 23:30:11 -0500
   Received: from  (girling () helix net [142.231.37.2]) by trance.helix.net (8.6.9/Trance.helix.net 8.6.9) with SMTP id VAA08021
        for dougmc () slip-4-15 ots utexas edu; Sat, 22 Oct 1994 21:34:25 -0700

Isn't identd fun ?  Sure, it's possible that this was spoofed, or is
just plain incorrect, but I'd bet $ that the bozo just screwed up.
Looks like he telneted to the sendmail port on his own machine ...

Yep, I'm glad I installed it.  Not only does it catch novice crackers,
but it also points out when you've got an expert cracker, by the
absence of identd info from a formerly identd site.  A super cracker
will be able to fake the identd such that it blames someone who was on
at the time and also has the knowledge and motive to forge mail,
and forging all process accounting records too.  Oh, yeah, and faked
keystroke logs, if *that* is happening.

You know, the kind of perfect frame-up that is so rarely seen these days?

-- 
Doug McLaren, dougmc () comco com, 512-467-0618, ext 28


--
Charles Howes -- chowes () helix net
 Always tell the truth, then you make it the other bloke's problem! 
 - Sean Connery, 1971   
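
The check described in the message above (identd info missing from a site that used to supply it), as an added example that is not part of the original thread: it parses sendmail 8.x style `Received:` headers and flags a peer IP that answered ident earlier but not later. The function names, the oldest-first ordering and the sample headers (documentation addresses, un-obfuscated `user@host` form) are assumptions made for this sketch.

```python
import re

# Sendmail 8.x writes "from HELO (ident@host [ip])" when the peer's identd
# answered and "from HELO (host [ip])" when it did not. HELO may be empty,
# as in the second header quoted in the thread.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>[^\s(]*)\s*"
    r"\((?:(?P<ident>[^@\s()]+)@)?(?P<host>[^\s()\[\]]+)\s+"
    r"\[(?P<ip>[0-9.]+)\]\)"
)

def parse_received(header):
    """Return helo/ident/host/ip for one Received: header, or None."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)  # undo header folding
    m = RECEIVED_RE.search(unfolded)
    return m.groupdict() if m else None

def ident_dropouts(headers):
    """Flag headers with no ident from an IP that supplied one earlier.

    Assumption: headers are given in arrival order, oldest first.
    """
    had_ident = set()
    findings = []
    for i, raw in enumerate(headers):
        rec = parse_received(raw)
        if rec is None:
            continue
        if rec["ident"]:
            had_ident.add(rec["ip"])
        elif rec["ip"] in had_ident:
            findings.append((i, rec["ip"], rec["host"]))
    return findings

# Constructed sample headers, not taken from the thread.
SAMPLE = [
    "Received: from trance.example.net (root@mail.example.net [192.0.2.10])\n"
    "\tby algol (8.6.9/8.6.9) with ESMTP id XAA00001",
    "Received: from  (alice@mail.example.net [192.0.2.10]) by trance.example.net with SMTP id VAA00002",
    "Received: from other.example.org (other.example.org [198.51.100.7]) by algol with SMTP id XAA00003",
    "Received: from  (mail.example.net [192.0.2.10]) by algol with SMTP id XAA00004",
]

if __name__ == "__main__":
    for idx, ip, host in ident_dropouts(SAMPLE):
        print(f"header {idx}: {host} [{ip}] answered ident before, not now")
```

The third sample header is not flagged because that peer never supplied ident in the first place; only the change in behaviour is reported.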


