home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!cs.utexas.edu!sdd.hp.com!hamblin.math.byu.edu!arizona.edu!east.pima.edu!rharwood
- Newsgroups: vmsnet.sysmgt
- Subject: Re: HELP: Attempted break-ins?
- Message-ID: <1992Dec21.215631.1@east.pima.edu>
- From: rharwood@east.pima.edu
- Date: 21 Dec 92 21:56:31 MST
- References: <1992Dec18.145352.16583@vax5.cit.cornell.edu>
- Distribution: vmsnet
- Lines: 28
-
- In article <1992Dec18.145352.16583@vax5.cit.cornell.edu>,
- yqdx@vax5.cit.cornell.edu writes:
-
- > Lately, several users of our VAXStation 3200 have been reporting that
- > when they log in, it often says "one unsuccessful attempt since last
- > login." It is not on every account, and it is not as distressing as if
- > it said "10000 failed attempts" or whatever. However, our computer's
- > address is not broadcast to the world, so we do not expect any random
- > "noise."
- > It has happened enough that I am concerned. Are there techniques for
- > logging the origin of attempted logins, and/or all logins in general?
- > I apologize if this is common knowledge, for I am still a novice system
- > administrator. We are currently running VMS 5.3. Any help would be greatly
- > appreciated.
-
- I personally always leave auditing enabled for failed logins and breakins. I
- also have a .COM file in a batch queue that runs EVERY night, which reports the
- time/terminal/userID of every failed login attempts during the previous 24
- hrs... and I read this file RELIGEOUSLY.... I know when something "random" is
- happening, and when it's becoming "systematic". I have *almost* caught people
- trying to break into privileged accounts... I HAVE scared them off! <grin>
-
- Ray
- -----
- Ray Harwood |Data Basix |Adjunct Faculty, East Campus,
- Voice: (602)721-1988 |PO Box 18324 | Pima Community College
- FAX: (602)721-7240 |Tucson, AZ 85731 |Instructor in Ada and Pascal
- CompuServe: 76645,1370|AppleLink: DATA.BASIX|Internet: rharwood@east.pima.edu
-
