Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!helios!skdutta From: skdutta@cs.tamu.edu (Saumen K Dutta) Newsgroups: comp.unix.internals Subject: Re: Finding Passwords Message-ID: <8836@helios.TAMU.EDU> Date: 5 Oct 90 17:09:13 GMT References: <6773@uwm.edu> Sender: usenet@helios.TAMU.EDU Organization: Computer Science Department, Texas A&M University Lines: 34 In article bzs@world.std.com (Barry Shein) writes: -> ->>Hold on! Then what point is served? The "printout" would have to be ->>performed by login itself. Having a suid program or some similar "external" ->>program would be useless - it could just as easily be called by a spoofer. -> ->You missed my point. -> -> ......... ->If there were a program in your .login or .profile, call it logbad, ->which queried the number of bad attempts and printed something like: -> -> 0 bad logins since last successful on Nov 9, 1965 20:06 -> ->you would be able to say "hmm, I just got a login incorrect WHY IS ->THAT COUNT ZERO!!!" -> ->Now, I guess the spoofer could walk over to another terminal and cause ->one bad login to occur. Perhaps a "logbad -l" should be run by hand ->when suspicions arise which would report the exact time and terminal ->each bad login occurred (it would be easy to store such info.) -> I am wondering what can happen if the trojan program before exiting or before exec'ing runs a bad login anyway just to make sure that the user records one bad login. The time will not be much different for the user to suspect! -- _ ||Internet: skdutta@cssun.tamu.edu ( /_ _ / --/-/- _ ||Bitnet : skd8107@tamvenus.bitnet __)_/(_____(_/_(_/_(_(__(_/_______ ||Uucp : uunet!cssun.tamu.edu!skdutta .. ||Yellnet: (409) 846-8803