Path: utzoo!utgpu!watmath!clyde!att!ulysses!smb
From: smb@ulysses.homer.nj.att.com (Steven M. Bellovin)
Newsgroups: comp.unix.wizards
Subject: Re: /etc/failures
Message-ID: <10958@ulysses.homer.nj.att.com>
Date: 4 Dec 88 15:33:36 GMT
References: <407@uwslh.UUCP> <43200055@uicsrd.csrd.uiuc.edu>
Organization: AT&T Bell Laboratories, Murray Hill
Lines: 19

In article <43200055@uicsrd.csrd.uiuc.edu>, kai@uicsrd.csrd.uiuc.edu writes:
> 1) If a login of a single account name at a single terminal fails 3 times in
> a row within a short period of time, that account is temporarily disallowed
> from logging in on that terminal.
> 2) If a login of a single account at multiple terminals fails 3 times in a
> row, the account is temporarily disallowed from logging in at any terminal.
> 3) If logins of any accounts at a single terminal fails 6 times in a row,
> that terminal is temporarily disabled.

What's a ``terminal'' to be disabled? I'm serious. What you suggest may
or may not have merit in an environment where most access is via hard-wired
lines; these days, however, the real threats are via networks or dial-up
connections. Even in a campus environment, many (most?) folks are using
some sort of port selector, front-end switch, Ethernet TAC, etc. It's rare
that any physical port can be associated with a login attempt.
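
Added example, not part of the original post or of any system it mentions: the three quoted lockout rules in Python, replayed over constructed failures to show which rule still fires when every network session arrives under a different terminal name. WINDOW, LOCKOUT, the account name and the tty names are assumptions.

```python
from collections import defaultdict, deque

WINDOW = 300    # assumption: the "short period of time", in seconds
LOCKOUT = 900   # assumption: how long "temporarily" lasts, in seconds

def keys_for(account, terminal):
    """Counter keys: rule 1 per (account, terminal), rule 2 per account, rule 3 per terminal."""
    return {1: ("pair", account, terminal), 2: ("acct", account), 3: ("term", terminal)}

class FailureTracker:
    def __init__(self):
        self.fails = defaultdict(deque)  # key -> deque of (time, terminal)
        self.locked = {}                 # key -> time at which the lock expires

    def _record(self, key, now, terminal):
        q = self.fails[key]
        q.append((now, terminal))
        while now - q[0][0] > WINDOW:    # forget failures outside the window
            q.popleft()
        return q

    def failure(self, account, terminal, now):
        """Record one failed login and return the rule numbers that fired."""
        keys = keys_for(account, terminal)
        q = {rule: self._record(key, now, terminal) for rule, key in keys.items()}
        hit = {1: len(q[1]) >= 3,
               2: len(q[2]) >= 3 and len({t for _, t in q[2]}) > 1,
               3: len(q[3]) >= 6}
        fired = [rule for rule in (1, 2, 3) if hit[rule]]
        for rule in fired:
            self.locked[keys[rule]] = now + LOCKOUT
        return fired

    def success(self, account, terminal):  # a good login ends each "in a row" streak
        for key in keys_for(account, terminal).values():
            self.fails.pop(key, None)

    def is_locked(self, account, terminal, now):
        return any(self.locked.get(k, 0) > now for k in keys_for(account, terminal).values())

def replay(events):
    """Feed (time, account, terminal) failures; return the tracker and the rules fired."""
    tracker, fired = FailureTracker(), []
    for now, account, terminal in events:
        fired += tracker.failure(account, terminal, now)
    return tracker, fired

# Constructed samples: a hard-wired line keeps its name, a network session does not.
HARDWIRED = [(0, "alice", "tty03"), (10, "alice", "tty03"), (20, "alice", "tty03")]
NETWORK = [(0, "alice", "ttyp0"), (10, "alice", "ttyp1"), (20, "alice", "ttyp2")]
```

On HARDWIRED rule 1 fires and the lock is scoped to tty03; on NETWORK the per-terminal counters for rules 1 and 3 never accumulate, and only the per-account rule 2 fires.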