Path: utzoo!utgpu!watmath!clyde!att!ulysses!smb
From: smb@ulysses.homer.nj.att.com (Steven M. Bellovin)
Newsgroups: comp.unix.wizards
Subject: Re: /etc/failures
Message-ID: <10958@ulysses.homer.nj.att.com>
Date: 4 Dec 88 15:33:36 GMT
References: <407@uwslh.UUCP> <43200055@uicsrd.csrd.uiuc.edu>
Organization: AT&T Bell Laboratories, Murray Hill
Lines: 19

In article <43200055@uicsrd.csrd.uiuc.edu>, kai@uicsrd.csrd.uiuc.edu writes:
 
> 1)  If a login of a single account name at a single terminal fails 3 times in
> a row within a short period of time, that account is temporarily disallowed
> from logging in on that terminal.
 
> 2)  If a login of a single account at multiple terminals fails 3 times in a
> row, the account is temporarily disallowed from logging in at any terminal.
 
> 3)  If logins of any accounts at a single terminal fail 6 times in a row,
> that terminal is temporarily disabled.

What's a ``terminal'' to be disabled?  I'm serious.  What you suggest
may or may not have merit in an environment where most access is via
hard-wired lines; these days, however, the real threats are via networks
or dial-up connections.  Even in a campus environment, many (most?)
folks are using some sort of port selector, front-end switch, Ethernet
TAC, etc.  It's rare that any physical port can be associated with a
login attempt.
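
The three quoted rules as failure counters, in an added example that is not part of the original post: it replays the same six failed logins once with a fixed terminal name and once with a different port name per attempt, to show which counters still fire when the name does not identify a physical port. The 300-second window, the account names and the terminal names (`tty03`, `ttyp0`...) are constructed assumptions.

```python
from collections import defaultdict

WINDOW = 300  # seconds; assumed, quoted rule 1 says only "a short period of time"

class FailureTracker:
    def __init__(self):
        self.acct_term = defaultdict(list)  # rule 1: (account, terminal) -> failure times
        self.acct = defaultdict(list)       # rule 2: account -> terminals of its failures
        self.term = defaultdict(int)        # rule 3: terminal -> consecutive failures

    def record(self, ts, account, terminal, ok):
        """Record one login attempt; return the list of rule numbers it triggers."""
        if ok:  # "in a row": a success resets every counter it touches
            self.acct_term.pop((account, terminal), None)
            self.acct.pop(account, None)
            self.term.pop(terminal, None)
            return []
        fired = []
        times = self.acct_term[(account, terminal)]
        times.append(ts)
        times[:] = [t for t in times if ts - t <= WINDOW]
        if len(times) >= 3:                      # rule 1: same account, same terminal
            fired.append(1)
        terms = self.acct[account]
        terms.append(terminal)
        if len(terms) >= 3 and len(set(terms[-3:])) > 1:
            fired.append(2)                      # rule 2: same account, several terminals
        self.term[terminal] += 1
        if self.term[terminal] >= 6:             # rule 3: any account, same terminal
            fired.append(3)
        return fired

def replay(attempts):
    """Feed (ts, account, terminal) failures through a fresh tracker."""
    tracker = FailureTracker()
    fired = set()
    for ts, account, terminal in attempts:
        fired.update(tracker.record(ts, account, terminal, ok=False))
    return sorted(fired)

# Constructed sample: six failures, 10 s apart, alternating two accounts.
# HARDWIRED: every attempt carries the same terminal name.
HARDWIRED = [(i * 10, f"user{i % 2}", "tty03") for i in range(6)]
# SWITCHED: same attempts behind a port selector or network, new port name each time.
SWITCHED = [(i * 10, f"user{i % 2}", f"ttyp{i}") for i in range(6)]

if __name__ == "__main__":
    print("hard-wired:", replay(HARDWIRED))
    print("switched:  ", replay(SWITCHED))
```

With the fixed name, rules 1 and 3 fire; with a fresh name per attempt, only the account-keyed rule 2 does.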