Ryan Russell/SYBASE wrote:
>
> There may be, depending on how good the records
> were kept, and how long ago it was. DHCP serevers
> can record the MAC address of who had the lease,
> and DHCP clients tend to keep renewing the same IP anyway.
> If it's a lab like at my school, they keep track of who was
> at what machine at what time.
>
> Ryan
>
While most machines do tend to keep a log of who was logged
in at what time, you can circumvent these logs, by not using
a tty when logging in (i.e. rsh ucbvax csh -i )
Beyond that, if it was a hacker, who did this, he wouldn't
have been logging in as himself...
> ---------- Previous Message ----------
> To: Krbutler
> cc: firewalls
> From: fritz @ engg2.mobinfo.com (Friedrich Fahnert) @ smtp
> Date: 10/23/96 04:28:28 PM
> Subject: Re:
>
> kathleen butler wrote:
> >
> > In a recent attack by a person at a university, we were able to determine the
> > IP address, which was at a university, but could not establish who was
> > responsible. (The individual was in a pool of computers that they could log on
> > to). Is there a way to determine which student was responsible? Also, if I use
>
> NO. THERE IS NOT.
>
> Unless the user identified himself via his PGP signature, SecurID, or
> S-Key.
>
> > DHCP internally, is there a way to match an IP address to a user for any
> > specific transaction?
>
> --
>
\-------------------------------\
\ \ __
\ F Fahnert \ | \
> -------------------- >------| \ ______
/ / --- \_____/**|_|_\____ |
/fritz @
mobinfo .
com / \_______ --------- __>-}
/-------------------------------/ / \_____|_____/ |
* |
{O}
References:
-
Re:
From: Ryan Russell/SYBASE <Ryan .
Russell @
sybase .
com>
|
|
