Sudden trouble logging in to my ISP

Subject: Sudden trouble logging in to my ISP
From: James David Bruchie (dave@alaska.net)
Date: Sat Sep 07 2002 - 19:53:19 AKDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: The Fueley: "Sound"
• Previous message: Fielder George Dowding: "Re: Box For Sale"
• Next in thread: Timothy W. Gibson: "RE: Sudden trouble logging in to my ISP"

I've been running Linux on my home machine for several years now.
I've been using Internet Alaska as my ISP for about as long. Sometime
between 13:00 and 17:45 last Thursday something changed, and I could no
longer log in to my ISP account. Shortly after my login script sent the
password, the send/recieve lights on the modem would start flickering
and would stay that way, I never got my IP addresses. If I waited long
enough I got a message somethig like "invalid login id".

I called tech support and they changed my password, but could not fix
my problem. Eventually I enabled pppd debug messages, and noticed the
server was sending <auth pap> in the LCP messages, and my system was
rejecting it. I tried setting up a pap-secrets file with my ISP user ID
and password, that got me logged on. In looking at the debug output my
system is sending my ID and password a second time embedded in the LCP
messages.

I had a laptop with a windows 2000 partition left on it. I set it up to
dial in with its internal modem, it worked fine. Tech support tried
logging in with a MAC on a serial line with my ID, it worked fine.

Has anyone else noticed this happening?

In looking for the problem I noticed things going on with my logs:

/var/adm/messages started thursday morning (sept 5) at 4:40
with several lines of "syslogs 1.4.1: restart"
A new file, /var/adm/messages.1, stopped at 4:22:08
This was apparantly my original messages file.
I noticed several other files with .1 suffixes
I reloaded my system (I was upgrading anyway) from cdroms.

If I got hacked, I certainly left the door open. I was in the middle of
loading slackware 8.1 on new hardware (athlon 2200+). I had not yet
cleaned up inetd.conf and friends, then decided to down load the new
slackware 9.0 beta over night. Not my most brilliant move.

I'm not sure how this could have affected how I log in to my ISP, unless
it some how wiped out an existing pap-secrets file I did not realize I
had. However I do not remember ever creating a pap-secrets file before,
and I've been at this for several years and half a dozen system upgrades.

Dave Bruchie

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.

• Next message: The Fueley: "Sound"
• Previous message: Fielder George Dowding: "Re: Box For Sale"
• Next in thread: Timothy W. Gibson: "RE: Sudden trouble logging in to my ISP"

This archive was generated by hypermail 2a23 : Sun Sep 08 2002 - 15:38:57 AKDT