>
> Brian,
>
> If you can identify which tty the unwanted user is connected to you can
> kill the login / csh / rsh which he or she came in on. You can also
> get tcpwrapper and only allow telnet and other connections to be made
> by hosts in the hosts.allow or deny those in the hosts.deny. If you have
> tcpwrapper on the system then quickly add the host that the unwanted user
> came in from and HUP the inetd.
>
> Only one of many possible solutions,
>
> Kevin
>
>
>
> --
> =============================================================================
> Kevin J. Dyer Draper Laboratory MS 23.
> Email: <kdyer @ draper . com> 555 Tech. Sq.
> Phone: 617-258-4962 Cambridge, MA 02139
> FAX: 617-258-2121
> -----------------------------------------------------------------------------
> "The unhandyman: You know you're out of your depth when a visit
> to Home Depot feels like a physics seminar at MIT" - John Powers
> =============================================================================
>
>
hi kevin,
let's expand on this with more assumptions:
- tcpwrapper is installed and has been circumvented :( most unfortunate!
In this situation, it becomes increasingly difficult to guarantee the
security of the system/network.
what do you think of the following:
i find an invader on the system,
i have one program which i can use to:
- with a specified tty or userid or some other unique identifier
- close the shell,
- modify hosts_access to deny invader's netadr (and userid, possibly)
and - (something else necessary here? fill in)
how's that?
-brian
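
One way to write the single program described above, as an added example that is not part of the original thread: given a tty, it looks up the remote host in `who` output, adds a deny entry to the hosts_access deny file, and hangs up the session. The `who` sample, the function names and the `WHO_OUTPUT` and `DRY_RUN` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: contain a session by tty (deny its source host, then hang it up).
# SAMPLE_WHO is constructed `who` output; on a live host set WHO_OUTPUT="$(who)".
SAMPLE_WHO='root     console      Mar  3 09:12
brian    pts/2        Mar  3 10:01 (ws1.example.org)
guest    pts/5        Mar  3 10:47 (192.0.2.77)'
: "${WHO_OUTPUT:=$SAMPLE_WHO}"

# Print the remote host `who` reports for a tty; prints nothing for local logins.
remote_host_for_tty() {
    printf '%s\n' "$WHO_OUTPUT" | awk -v tty="$1" '
        $2 == tty && $NF ~ /^\(.*\)$/ {
            h = $NF; gsub(/[()]/, "", h); print h; exit
        }'
}

# Build a hosts.deny line, refusing anything that is not a plain host name or
# IPv4 address so that text taken from `who` cannot inject extra rules or options.
deny_rule() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf 'ALL: %s\n' "$1"
}

# contain_tty TTY [DENY_FILE]: deny first so the host cannot reconnect, then hang up.
contain_tty() {
    tty=$1
    deny_file=${2:-/etc/hosts.deny}
    host=$(remote_host_for_tty "$tty")
    rule=$(deny_rule "$host") || {
        echo "no usable remote host for $tty" >&2
        return 1
    }
    # Append the rule only if it is not already present.
    grep -qxF -- "$rule" "$deny_file" 2>/dev/null ||
        printf '%s\n' "$rule" >> "$deny_file"
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "would run: pkill -HUP -t $tty"   # DRY_RUN=0 sends the signal
    else
        pkill -HUP -t "$tty"
    fi
}
```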