Re: Dial-in mgetty line security
At 11:36 PM 11/14/99 -0500, Chris Wagner wrote:
At 05:47 PM 11/14/99 -0800, Michael W. Shaffer wrote:
><> Is this adequate to protect from random dialers who might
>stumble on the modem tone and try logging in to this machine?
I think war dialers are a thing of the past really.
Nope, they are rare these days but there are hackers that still
use them, I've seen at least 2 the past year.
The hackers that persist are working with YOUR idea!
If admins think they are thing's of the past they get sloppy
on modem security! You can figure the rest out yourself...
><> Are there any other routine actions like this I should take
>to protect modem lines like this used only for occasional remote
>admin?
Set adminname to a random sequence so it will be extremely hard to guess.
Good advice, follow it.
Enable failed login tracking. Set LOG_UNKFAIL_ENAB, FAILLOG_ENAB, and
FTMP_FILE to yes. All in /etc/login.defs. You could make a script to email
you if there are any failed login attemps. That way you would be alerted to
a potential attack. Also you can use non-standard terminal settings so
anyone trying to connect who isn't in-the-know will fail. e.g. 7-E-1,
8-N-0, etc.
Not always practical, but a very good idea!
At 02:48 PM 11/15/99 +1100, Roland Gerlach wrote:
>Are you aware that entering adminname and any password will cause
>login to re-prompt for the username which will defeat your mgetty
>/bin/false security mechanism?
You can set the number of login retries to 0. In /etc/login.defs.
;-)
--
__ _____ ____ ____ ____ _____ _ _ ___ ____
| | | \ | \ | \ / | \\ / / \ | \
| | |___/ |__ |___/ | \_/ | | |___/
| | | \ | | \ | | | | | \
|___/__|__ |____/ |___/ | \ | | \___/ | \
_____ ____ __ _____ _ _ _
| \ | \ /\ / | \ / \ |
| | |__ /__\ | |____| |
| | | / \ | | | |
|____/ |___/ \ / | \ / o
--
Hmmm, I prefer fighting for liberty ;-)
Regards,
Onno
Reply to: