On Thu, Aug 10, 2000 at 05:45:09PM -0400, Noel L Yap wrote:
> OK, then.  Given an attack, there's a 1 out of 10 chance that someone can pose
> as someone else.  That's still pretty high.

Yes that's true, given an attack there is a 1 in 10 chance someone will 
be posing as someone else. In that case I disable the userid and wait to
see what explanation I get from the userid in question (since I wouldn't
yet know if they're the attacker or the victim).

So what's wrong with that? 

> >> So now what, you revoke privileges from the person who was impersonated?
> >
> >Yes. Because either they are doing something nasty or someone has
> >compromised their password.
> >
> >I do use real unix uids so I can determine which *userid* did the damage,
> >providing they don't break root (in which case no authentication system
> >can hope to help you, unless you have extensive off-site logging, etc.)
> 
> But the real culprit gets away.  This wouldn't happen with SSH.

The culprit gets away no matter what. There's nothing I can do to
them even if I find out which email address is really associated
with the attack.

Justin
