[HECnet] Botnet hits on 23/tcp

Johnny Billquist bqt at softjar.se
Tue Oct 25 12:23:17 PDT 2016


On 2016-10-25 19:51, G. wrote:
> On Tue, 25 Oct 2016 17:48:45 +0300, Sampsa Laine wrote:
>
>> Also, is renaming the SYSTEM account likely to break stuff? They seem to be
>> targeting that specific username so I figured I’d change it to STALIN or
>> something…
>
> Instead of renaming it, you may want to disable interactive logins for the
> SYSTEM account altogether, or you may want to investigate tightening
> timeouts for the intrusion detection function (see SHOW INTRU command), so
> that VMS will not allow logins from accounts for which a certain threshold
> has been reached, even if the attacker guesses the password. :)

Totally agree on disabling interactive logins. But I would perhaps limit 
that to just network logins. (I believe VMS can also make that distinction.)

However, if the intrusion system disables the account, it becomes a 
rather ugly DOS vector. Not sure how they were thinking there...

	Johnny

