Date: Sun, 15 Dec 1996 15:21:44 -0700 (MST) From: Terry Lambert <terry@lambert.org> To: aleph1@dfw.net (Aleph One) Cc: terry@lambert.org, rb@gid.co.uk, proff@iq.org, security@FreeBSD.ORG, hackers@FreeBSD.ORG Subject: Re: vulnerability in new pw suite Message-ID: <199612152221.PAA24138@phaeton.artisoft.com> In-Reply-To: <Pine.SUN.3.94.961215153914.15514A-100000@dfw.dfw.net> from "Aleph One" at Dec 15, 96 03:40:43 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> Just because the passwd is shadowed does not mean it wont be cracked. The > are programs that will brute force passwords using POP, TELNET, RSH, etc. And as a result will hit source/attempt based security triggers on any real machine, and automatically shut down future attempts until such time as the administrator can deal wit the alerts to the systems satisfaction. Try five failed login attempts to telnet on a Sun machine. It delays (and reports) each failed attempt, and drops the connection (after as huge delay) after the fifth. Regards, Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199612152221.PAA24138>