Newsgroups: comp.admin.policy
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!uupsi!rodan.acs.syr.edu!jstewart
From: jstewart@rodan.acs.syr.edu (Ace Stewart)
Subject: Re: Possibly nefarious users
Message-ID: <1991Jun10.164952.22417@rodan.acs.syr.edu>
Organization: Syracuse Univ/Eastman Kodak Co.
References: <2D.-_.N@cs.widener.edu> <1991Jun6.214915.18946@athena.mit.edu> <1991Jun7.164102.672@progress.com>
Date: Mon, 10 Jun 1991 16:49:52 GMT

In article <1991Jun7.164102.672@progress.com> matth@progress.COM (Matthew J. Harper) writes:
>This is indeed a no-no. Not a whole lot is being done about it legally at the
>moment, but a few cases have come to trial and the accused have been found
>guilty of actions such as this.  (Randomly banging on machines to try and
>gain access.)


Wait a minute. If you have a userid GUEST on your system, _expect_
people all over the internet to try to use it. If you want a limited
group of people to use it, I suggest creating a userid of another
color (i.e. different than guest) Why? Because guest is a _standard_
on the Internet. 

Now, if the user is banging on the machine in other accounts, or has
found out there is a guest account and beats on it using the normal
passwords and still refuses to stop after some time...well heck, let
the sysadmin know (please, lets not get back into sysadmin authority)
on the other end of the connection and leave it to them.

Or, stop allowing access from that site.


>Just because a guest account exists does not mean that it is there for all in
>the world to log in and look around!  Perhaps if we looked at a different 
>situation from the same outlook:


Well...why is it there then? Do you take-out users which try to use
anonymous FTP on your system, and if it doesn't have it, want to make
sure that they lose their account? The userid anonymous is a standard,
just like guest is. Whether or not the "Internet" started off with the
idea of this doesn't matter now. It's too late  :)


>  If you leave your car unlocked with the keys in the ignition, does this give
>anyone who walks by the right to take it for a spin?  Even if they return it
>where they found it, nobody saw them do it, and there is really no proof that
>they were there?


What the heck is it with car analogies? If you leave your car unlocked
and with the keys in it, and it gets stolen...I bet you dimes to
donuts if you tell your insurance company that and try to get
insurance for your stolen car, they'll tell you you're out of your
mind and suggest buying a few Yugos if you want to do it again.

Were they there? Well, if no one saw them do it, how the hell do I
even know that anything was done that I should or should not be pissed
about? We're discussing things and making issues of things we're not
even sure happened!!!

--Ace
-- 
    Ace Stewart | Affiliation: Eastman Kodak Company, Rochester, New York
jstewart@rodan.acs.syr.edu jstewart@sunrise.bitnet jstewart@mothra.cns.syr.edu
   jstewart@sunspot.cns.syr.edu     ace@suvm.bitnet     rsjns@suvm.bitnet
