> Watch out here. rcp is one of the best ways a cracker can transfer toolkits
> to your system without leaving any log. Scenario is that he/she/it logs in
> as a common user, then places a "+ +" rhosts entry for the user, then uses
> rcp to transfer over a toolkit. rcp isn't logged.
I've modified the Berkeley rshd (used by rsh and rcp) to log all connections
in wtmp, as login and ftpd already do. Logs contain the initiating host,
the source login on that host, and the target login on the destination
This seems to be a resonable compromise between running with released
(non-logging) versions of rshd, and removing the features which make
remote commands useful in the first place.
Data Security Leader VOICE: +1-612-683-3129 (1-800-284-2729 x33129)
Cray Research, Inc. FAX: +1-612-683-3099
Eagan, Minnesota, USA EMAIL: btk @
Re: DNS w/NIS
From: Brad .
COM (Brad Powell)