Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!uunet!husc6!mit-eddie!minya!jc From: jc@minya.UUCP (John Chambers) Newsgroups: comp.unix.wizards Subject: Re: 60-second timeout in Unix login Message-ID: <419@minya.UUCP> Date: Sat, 28-Nov-87 16:40:44 EST Article-I.D.: minya.419 Posted: Sat Nov 28 16:40:44 1987 Date-Received: Tue, 1-Dec-87 05:58:48 EST References: <4139@venera.isi.edu> <2167@tut.cis.ohio-state.edu> <440@uni2.bcm.tmc.edu> Organization: home Lines: 19 In article <440@uni2.bcm.tmc.edu>, rick@svedberg.bcm.tmc.edu (Richard H. Miller) writes: > Another approach to hacker frustration is to pause between prompts for > userid and as a user enters an unsuccessful userid/password, double the > wait time. Thus as a person attempts to crack you system, it will take > longer and longer to have Unix prompt for the userid after a bad guess. > This is one of the methods that OS-1100 plans to implement for their B1 > security EXEC. A couple years back, I worked on a system where the getty did this. The trouble was, the dial-in ports got quite a few random "characters" coming in, which looked to getty like invalid attempts to log in, so it slowly jacked up the delay. When a real user connected, it took forever to get any prompts. I had to subvert this "feature" in order to alleviate the users' frustration. Eventually, I solved it better by installing my own logger and doing away with getty, but that's another tale. Without the source, I probably would have been forced to replace getty right away. -- John Chambers <{adelie,ima,maynard,mit-eddie}!minya!{jc,root}> (617/484-6393)