Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site decwrl.DEC.COM
Path: utzoo!watmath!clyde!burl!ulysses!bellcore!decvax!decwrl!dec-rhea!dec-jon!moroney
From: moroney@jon.DEC (Mike Moroney)
Newsgroups: net.crypt
Subject: Re: foiling password crackers
Message-ID: <974@decwrl.DEC.COM>
Date: Thu, 6-Feb-86 22:25:59 EST
Article-I.D.: decwrl.974
Posted: Thu Feb  6 22:25:59 1986
Date-Received: Sun, 9-Feb-86 05:49:09 EST
Sender: daemon@decwrl.DEC.COM
Organization: Digital Equipment Corporation
Lines: 19


>This would be better in a security newsgroup, but there isn't one, so
>this will have to do.
 
>We have all heard of losers who try to break into systems by calling
>up, and trying to log in by exhaustively trying groups of possible
>passwords.  Some login programs hang up the phone after a number of
>attempts.  A simple refinement which I've never heard mentioned would
>be to have the login program simply disable the ability to log in
>successfully after a number of attempts, without notifying the user.
>This would let the unsuspecting loser keep trying to log into your
>system while you had plenty of time to trace his phone line without
>your having to worry about his gaining entry to your system.
 
>	Andrew Tannenbaum   Interactive   Boston, MA   617-247-1155

VMS V4 already has this. (Lots of other security goodies, too)

-Mike