RE: Security Password violation?

[Jeff Bull <Jeff.Bull@xxxxxxxxxxxxxxx>]

... of course what you really need is a webcam on every terminal, the AS/400
can then take a snapshot of the prospective intruder and store it in the
Journal Entry for you ... then I woke up.

        Seriously though, you should start worrying when these 'attacks'
stop, cause that means the  password may have been cracked!

        If the display device and times of the attempts are consistent
enough to be predictable, a secreted webcam or observation is an option.  Of
course, you must make the call whether you value your data enough to take
such measures.

Jeff Bull

-----Original Message-----
From: afvaiv [mailto:afvaiv@wanadoo.es]
Sent: 20 November 2001 22:00
To: MIDRANGE-L
Subject: Security Password violation?


Hi, quite often one of our people gets his User disabled... I've
activated
Auditing, and after any of these occassions I can see (DSPAUDJRNE  with
type PW) that there were some attempts to use his userID and a failing
Password.

But the audit journal entry gives no more info than date and time...

Joblog for job QZSOSIGN also gives only
 Message ID . . . . . . :   CPIAD06       Severity . . . . . . . :   10
 Message type . . . . . :   Information
 Date sent  . . . . . . :   19/11/01      Time sent  . . . . . . :
13:24:12
 Message . . . . :   Password not correct for user profile.
 Cause . . . . . :   The password received for user FERNANAN was not
correct.
 Recovery  . . . :   Correct the password and try the request again.

I'd like to see, at least, the IP address the intent came from, maybe
even
the userID that was signed to Windows at the PC the request came from...

any additional info that can enlighten the path to find what's going on.

Maybe it's even the user himself doing something wrong without even
knowing
it! But how to get to know it if there si such small info.

I've considered writing my own ExitProgram for the SignOnServer, but was

hoping there'll be a direct way of getting that info without having to
reinvent the wheel?
-------------------------
Antonio Fernandez-Vicenti
afvaiv@wanadoo.es


_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
or email: MIDRANGE-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


_____________________________________________________________________
This message has been checked for all known viruses by Star Internet
delivered through the MessageLabs Virus Scanning Service. For further
information visit http://www.star.net.uk/stats.asp or alternatively call
Star Internet for details on the Virus Scanning Service.


DISCLAIMER

Any opinions expressed in this email are those of the
individual and not necessarily the Company. This email
and any files transmitted with it, including replies and
forwarded copies (which may contain alterations)
subsequently transmitted from the Company, are
confidential and solely for the use of the intended recipient. If you are not 
the intended recipient or the
person responsible for delivering to the intended recipient,
be advised that you have received this email in error and
 that any use is strictly prohibited.

If you have received this email in error please notify the IT
manager by telephone on +44 (0)208 4762000 or via
email to Administrator@itm-group.co.uk, including a copy
of this message. Please then delete this email and
destroy any copies of it.

_____________________________________________________________________
This message has been checked for all known viruses by Star Internet
delivered through the MessageLabs Virus Scanning Service. For further
information visit http://www.star.net.uk/stats.asp or alternatively call
Star Internet for details on the Virus Scanning Service.