security

[<DEVANS%COLOLASP.BITNET@CUNYVM.CUNY.EDU>]

Sorry to waste bandwidth here. I have been getting quite a few private
responses to my security posting, and most of the mail I have tried
to send in reply has bounced, so I have to resort to posting here.

You can stop reading here, and I won't be offended -- this is merely a response
to those who Emailed me.

The reason that I can't just shoot the guy is that I don't have the
foggiest who he is. He comes in over the NETROM, probably from south-ish
Denver 40-50 miles away, but I can't place him better than that; he
stays on only for short periods and generally uses any old random
callsign he can think of. He uses mine when he wants to post something
particularly obnoxious, though.

Shutting off AX.25 and NETROM connects would do the job, but then none
of my regular users could use my system; and it's taken me a year or
so to build up a loyal following of people who believe that TCP/IP
systems are better at handling traffic than AX.25.

I'm not concerned about the password-over-the-air problem. My password
never gets transmitted, so no-one could find out what it is. My idea
was that the next time this bozo tries to log in as me, he will be
confronted by a password request, no matter what protocol he used
to access the system. At that point he's stuck.

Thanks for your patience... normal tcp-group service is now resumed...
  Doc