Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ames!killer!vector!rpp386!jfh From: jfh@rpp386.Dallas.TX.US (The Beach Bum) Newsgroups: comp.unix.wizards Subject: Re: My guide to fascist syslogging (or how I caught the internet worm) Message-ID: <9120@rpp386.Dallas.TX.US> Date: 4 Dec 88 20:05:30 GMT References: <1326@helios.ee.lbl.gov> <1988Nov30.170027.15960@utzoo.uucp> <2428@cbnews.ATT.COM> Reply-To: jfh@rpp386.Dallas.TX.US (The Beach Bum) Organization: Big "D" Home for Wayward Hackers Lines: 19 In article <2428@cbnews.ATT.COM> lvc@cbnews.ATT.COM (Lawrence V. Cipriani) writes: >In article <1988Nov30.170027.15960@utzoo.uucp> henry@utzoo.uucp (Henry Spencer) writes: >>But be careful that your logs are secure. It is a verifiable fact that >>people sometimes type passwords instead of login names, due to slow response >>or confusion or etc. > >Good point. In the login logging I wrote the login name is recorded only if >it is a legal login name, other wise "unknown" is recorded. This is done for >precisely the reason you gave. In a previous life, I added a field to lastlog.h to include the number of failed login attempts and the tty the attempt was made on, along with the time of the last failed attempt. A large number of failures on dialup or PC lines would help indicate someone was up to no good. -- John F. Haugh II +-Cat of the Week:--------------_ /|- VoiceNet: (214) 250-3311 Data: -6272 |Aren't you absolutely sick and \'o.O' InterNet: jfh@rpp386.Dallas.TX.US |tired of looking at these damn =(___)= UucpNet :!killer!rpp386!jfh +things in everybody's .sig?-------U---