Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!decvax!decwrl!glacier!oliveb!felix!birtch!ken
From: ken@birtch.UUCP (Ken B)
Newsgroups: net.crypt
Subject: Re: foiling password crackers
Message-ID: <262@birtch.UUCP>
Date: Wed, 12-Feb-86 14:11:26 EST
Article-I.D.: birtch.262
Posted: Wed Feb 12 14:11:26 1986
Date-Received: Sat, 15-Feb-86 00:55:13 EST
References: <974@decwrl.DEC.COM>
Reply-To: ken@birtch.UUCP (Ken B)
Distribution: na
Organization: Birtcher, Santa Ana, Calif.
Lines: 30

In article <974@decwrl.DEC.COM> moroney@jon.DEC (Mike Moroney) writes:
>
> 
>>We have all heard of losers who try to break into systems by calling
>>up, and trying to log in by exhaustively trying groups of possible
>>passwords.  Some login programs hang up the phone after a number of
>>attempts.  A simple refinement which I've never heard mentioned would
>>be to have the login program simply disable the ability to log in
>>successfully after a number of attempts, without notifying the user.
>>This would let the unsuspecting loser keep trying to log into your
>>system while you had plenty of time to trace his phone line without
>>your having to worry about his gaining entry to your system.
> 
>>	Andrew Tannenbaum   Interactive   Boston, MA   617-247-1155
>
>VMS V4 already has this. (Lots of other security goodies, too)
>
>-Mike

What if the hacker tries to login to root? does the login program
change the password? or does it just mark that one phone line? If
it changes the password, that could be trouble!

Ken Brown


-- 
	uucp:  ...{!glacier!oliveb,!trwrb!scgvaxd} !felix!birtch!ken

These ramblings are my own, and are surely not those of my employer.