[HECnet] Botnet hits on 23/tcp
G.
gerry77 at mail.com
Tue Oct 25 10:51:52 PDT 2016
On Tue, 25 Oct 2016 17:48:45 +0300, Sampsa Laine wrote:
> Also, is renaming the SYSTEM account likely to break stuff? They seem to be
> targeting that specific username so I figured I’d change it to STALIN or
> something…
Instead of renaming it, you may want to disable interactive logins for the
SYSTEM account altogether, or you may want to investigate about tightening
timeouts for the intrusion detection function (see SHOW INTRU command), so
that VMS will not allow logins from accounts for which a certain threshold
has been reached, even if the attacker guesses the password. :)
HTH,
G.
More information about the Hecnet-list
mailing list