Mailing List Logs for ShadowRN

From: Sommers <sommers@*****.UMICH.EDU>
Subject: Re: Weird Campaigns
Date: Thu, 21 May 1998 16:17:28 -0400
At 01:10 PM 5/21/98 EDT, you wrote:
>>From Sommers, the following:
>
>> Third time, you're in trouble. The login won't work until you sever your
>> connection, i.e. reboot the system. Even then, you cannot use that account
>> to log in. The security program (a subroutine of the network program)
>> temporarily marks that account with NO access rights and sends a page to
>> the netadmin. He has to log onto a terminal somewhere as a superuser, go
>> into the security program, and reset the guy's account.
>>
>> In no way does my screwup with my password affect my neighbor's ability or
>> rights to login.
>
>Where the analogy breaks down is, the SR decker is presumably not using the
>same "account" when he logs in each time. How's the system to know that Decker
>Bob, coming in for a second try, is any different from legit user Steve,
>coming in to check his e-mail?

No, he almost definitely doesn't use the same account unless he has a user
name that he knows the password for. I imagine what happens is his masking
(or maybe sleaze) has a program that generates a user/password combo that
fools the system into thinking that an authorized user (or systems check,
etc) is logging on. But those programs would have certain flaws in them,
like using similar types of login names. The higher the program, the more
random those files are that are used. The better the security, the closer
it checks for those kinds of anomalies.

>Or, for a more symmetrical example, that Decker Bob, coming in for try #2, is
>any different from Decker Cindy, coming in for the first time that day?
>
>See, the problem with an individual tally is that you can just sign off and
>then back on again; also, you can "tag-team" a datarun and take turns doing
>things, "spreading out" the tally. (Of course, it stands to reason that you
>SHOULD be able to benefit from having buds)
>
>- Disney Shaman

The other thing that this software can track is where the data is coming
from. For us, it's the IP number of the system that they're logging into.
For SR, the decker has to get in from SOMEWHERE, whether it's the phone in
his apartment, a terminal inside the arcology, or a soda machine in the
basement. That entry point has to have an address (an IP for us) that
corresponds to where the data is coming in. You can track that data in the
security program, seeing that in 20 seconds 10 different users put in the
wrong password. And it's hard to fake that IP number (for lack of a better
term) because then the computer wouldn't know where the data is coming
from. Likely result is loss of data and crash of program.

That also explains why it's easier to deck from a point inside the physical
building. The security system is going to check data and users inside the
system less than outside lines (and it's not going to check the soda machine
very often)!

So if 2 deckers come in from 2 diff points, there's going to be a tally for
each of them. If they both went in at the same point, their tallies
would be added together. But global alerts would not be set off from a few
deckers unless they did some major, loud damage.

Sommers
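
The two tallies described in this message (a per-account lockout on the third bad password, and a per-entry-point count of different users failing within 20 seconds), sketched as an added example that is not part of the original post. The class and function names and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

ACCOUNT_LIMIT = 3     # third bad password locks the account (from the post)
WINDOW_SECONDS = 20   # "in 20 seconds ..."
DISTINCT_USERS = 10   # "... 10 different users put in the wrong password"

class LoginMonitor:
    def __init__(self):
        self.account_failures = defaultdict(int)  # username -> failures since last success
        self.locked = set()                       # accounts awaiting an admin reset
        self.by_source = defaultdict(deque)       # source address -> (time, username)

    def failed_login(self, ts, source, user):
        """Record one failed login and return the alerts it triggers."""
        alerts = []
        # Tally 1: per account. One user's typos never touch a neighbor's account.
        self.account_failures[user] += 1
        if self.account_failures[user] >= ACCOUNT_LIMIT and user not in self.locked:
            self.locked.add(user)
            alerts.append(("account_locked", user))
        # Tally 2: per entry point, whichever account name was tried.
        window = self.by_source[source]
        window.append((ts, user))
        while window and ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        if len({u for _, u in window}) >= DISTINCT_USERS:
            alerts.append(("source_flagged", source))
        return alerts

    def successful_login(self, user):
        """A good password clears the tally, unless the account is locked."""
        if user in self.locked:
            return False
        self.account_failures[user] = 0
        return True

    def admin_reset(self, user):
        """The netadmin's manual reset of a locked account."""
        self.locked.discard(user)
        self.account_failures[user] = 0

def run_sample():
    """Constructed events: one clumsy user, then one source cycling through names."""
    mon, alerts = LoginMonitor(), []
    for t in (0, 5, 9):                       # same account, three misses
        alerts += mon.failed_login(t, "10.0.0.7", "steve")
    for i in range(10):                       # ten names from one entry point
        alerts += mon.failed_login(100 + i, "10.0.0.99", f"user{i:02d}")
    return mon, alerts
```

The second tally fires even though no single account in that burst reaches the lockout limit, which is the case a per-account counter alone cannot see.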

Disclaimer

These messages were posted a long time ago on a mailing list far, far away. The copyright to their contents probably lies with the original authors of the individual messages, but since they were published in an electronic forum that anyone could subscribe to, and the logs were available to subscribers and most likely non-subscribers as well, it's felt that re-publishing them here is a kind of public service.