My guide to fascist syslogging (or how I caught the internet worm)
The Beach Bum
jfh at rpp386.Dallas.TX.US
Mon Dec 5 06:05:30 AEST 1988
In article <2428 at cbnews.ATT.COM> lvc at cbnews.ATT.COM (Lawrence V. Cipriani) writes:
>In article <1988Nov30.170027.15960 at utzoo.uucp> henry at utzoo.uucp (Henry Spencer) writes:
>>But be careful that your logs are secure. It is a verifiable fact that
>>people sometimes type passwords instead of login names, due to slow response
>>or confusion or etc.
>
>Good point. In the login logging I wrote the login name is recorded only if
>it is a legal login name, otherwise "unknown" is recorded. This is done for
>precisely the reason you gave.
In a previous life, I added a field to lastlog.h to include the number of
failed login attempts and the tty the attempt was made on, along with the
time of the last failed attempt. A large number of failures on dialup or
PC lines would help indicate someone was up to no good.
--
John F. Haugh II +-Cat of the Week:--------------_ /|-
VoiceNet: (214) 250-3311 Data: -6272 |Aren't you absolutely sick and \'o.O'
InterNet: jfh at rpp386.Dallas.TX.US |tired of looking at these damn =(___)=
UucpNet : <backbone>!killer!rpp386!jfh +things in everybody's .sig?-------U---
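
The two ideas in this thread (record the login name only when it is a legal one, and keep a failure count with the tty and time of the last failure), sketched in C as an added example that is not code from any of the posters. The struct layout, the constructed account list standing in for a passwd lookup, and the function names are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical failure record: the fields the post describes adding
 * (failure count, tty of the attempt, time of the last failure). */
struct faillog_entry {
    char   name[16];      /* account name, or "unknown" */
    char   tty[16];       /* line the last failed attempt came in on */
    int    fail_count;    /* failures recorded so far */
    time_t last_fail;     /* time of the most recent failure */
};

/* Constructed account list standing in for a passwd lookup. */
static const char *const accounts[] = { "root", "jfh", "uucp" };
#define NACCOUNTS (sizeof accounts / sizeof accounts[0])

static struct faillog_entry table[NACCOUNTS + 1]; /* last slot: "unknown" */

/* Return the table slot for a typed name; anything that is not a real
 * account (possibly a mistyped password) maps to the "unknown" slot. */
static struct faillog_entry *slot_for(const char *typed)
{
    size_t i;
    for (i = 0; i < NACCOUNTS; i++)
        if (strcmp(typed, accounts[i]) == 0)
            break;
    snprintf(table[i].name, sizeof table[i].name, "%s",
             i < NACCOUNTS ? accounts[i] : "unknown");
    return &table[i];
}

/* Record one failed login; the typed string itself is never stored. */
struct faillog_entry *record_failure(const char *typed, const char *tty, time_t now)
{
    struct faillog_entry *e = slot_for(typed);
    snprintf(e->tty, sizeof e->tty, "%s", tty);
    e->fail_count++;
    e->last_fail = now;
    return e;
}

int main(void)
{
    record_failure("jfh", "tty01", 1000);
    record_failure("hunter2secret", "ttyd0", 1001); /* password typed as name */
    struct faillog_entry *e = record_failure("x9!pass", "ttyd0", 1002);
    printf("%s %s failures=%d\n", e->name, e->tty, e->fail_count);
    return 0;
}
```

Because every non-account string shares the "unknown" slot, repeated garbage on one dialup line still raises a visible count without the log ever holding what was typed.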