Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site ncsu.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!bellcore!decvax!mcnc!ncsu!hes
From: hes@ncsu.UUCP (Henry Schaffer)
Newsgroups: net.crypt
Subject: Re: foiling password crackers
Message-ID: <2996@ncsu.UUCP>
Date: Wed, 12-Feb-86 14:29:26 EST
Article-I.D.: ncsu.2996
Posted: Wed Feb 12 14:29:26 1986
Date-Received: Fri, 14-Feb-86 03:32:06 EST
References: <588@bentley.UUCP>
Organization: N.C. State University, Raleigh
Lines: 17

The article in The Oct. 1984 AT&T Bell Labs Technical Journal
might be "UNIX Operating System Security" by F. T. Grampp and
R. H. Morris (p. 1649-1672.)  It mentions that some systems
will count the login attempts and if there are too many will
disable the *account*.  This makes more sense than disabling
the line, but still leaves an opening for mischief, e.g.:
"For the intruder who has already gained access to the system,
and who wants to get rid of the system administrator, the
feature is a blessing:

  login: guru
  password: foo

repeated the appropriate number of times will assure the intruder
of privacy for at least a little while."

--henry schaffer  n c state univ