Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site ucla-cs.ARPA
Path: utzoo!linus!decvax!ittatc!dcdwest!sdcsvax!sdcrdcf!ucla-cs!das
From: das@ucla-cs.UUCP
Newsgroups: net.crypt
Subject: Re: foiling password crackers
Message-ID: <9281@ucla-cs.ARPA>
Date: Sat, 22-Feb-86 01:06:39 EST
Article-I.D.: ucla-cs.9281
Posted: Sat Feb 22 01:06:39 1986
Date-Received: Mon, 24-Feb-86 21:15:04 EST
References: <100900001@haddock.UUCP> <588@bentley.UUCP> <887@kuling.UUCP>
Reply-To: das@ucla-cs.UUCP (David Smallberg)
Organization: UCLA Computer Science Department
Lines: 30

Or, if your system can support it, how about this: After N bad attempts at guessing a password, voilà! The penetrator succeeds at logging in. Of course, what he really gets is a special shell that logs everything (and notifies the appropriate administrators); of course, his userid is not that of any real user. The special shell looks real enough to keep the bad guy occupied for a while (the better to collect evidence). Obvious things to do include giving doctored responses to requests to see the password file or to see what programs are available. Intriguing program names or logon ids might keep him interested longer.

To keep him fooled even longer, the first thing to do after login could be to say, "Some commands restricted because of dialin; password for full regular access:" or something like that. Since he won't get that password right (it doesn't exist, of course), he won't be surprised when he can't do everything that he might know the OS is capable of, so he won't question as hard any "command not permitted" responses that the special shell gives whenever he asks to do something you didn't bother to implement a fake reply for.

A nice touch would be to have a fake bulletin board system with a few messages about interesting phone numbers to call. In that way you might induce him to call a real person (you or a friend of yours) who might be able to extract some personal data about him in the course of a friendly conversation about pirate BBS's, dial-a-joke lines, etc. Or let him read netnews. He'll spend a lot of time on that, time he would otherwise spend trying to mess up your system.

-- David Smallberg, das@locus.ucla.edu, {ihnp4,ucbvax}!ucla-cs!das
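
A minimal sketch of the scheme described in the article above, added here as an example and not part of the original post: a login gate that admits a source to a logging decoy shell after N bad attempts. The names `LoginGate`, `DecoyShell`, `MAX_FAILURES`, the `guest07` id, the doctored replies, and the rule that a flagged source stays in the decoy are all assumptions made for illustration.

```python
import time

MAX_FAILURES = 3        # the post's "N"; this value is an assumption
DECOY_USER = "guest07"  # constructed id that matches no real account
# Doctored replies (constructed); anything else gets "command not permitted".
FAKE_REPLIES = {
    "cat /etc/passwd": "root:*:0:0::/:/bin/sh\nguest07:*:99:99::/usr/guest:/bin/sh",
    "ls": "dialout.numbers  payroll.old  bbs",
}


class DecoyShell:
    """Fake session: records every input and never touches the real system."""
    banner = ("Some commands restricted because of dialin; "
              "password for full regular access:")

    def __init__(self, source, alert):
        self.source, self.log = source, []
        self.awaiting_password = True  # the banner asks for a second password
        alert(f"decoy session opened for {source} as {DECOY_USER}")

    def run(self, line):
        self.log.append((time.time(), self.source, line))  # evidence trail
        if self.awaiting_password:
            # That password does not exist, so every guess is rejected.
            self.awaiting_password = False
            return "Sorry; continuing with restricted access."
        return FAKE_REPLIES.get(line.strip(), "command not permitted")


class LoginGate:
    """Counts bad logins per source and hands out a decoy after MAX_FAILURES."""

    def __init__(self, verify, alert):
        self.verify, self.alert, self.failures = verify, alert, {}

    def attempt(self, source, user, password):
        # Assumption: once flagged, a source stays in the decoy even if a
        # later guess is right, so a successful guess gains nothing.
        flagged = self.failures.get(source, 0) >= MAX_FAILURES
        if not flagged and self.verify(user, password):
            self.failures.pop(source, None)
            return "real-session"  # stand-in for the normal login path
        self.failures[source] = self.failures.get(source, 0) + 1
        if self.failures[source] >= MAX_FAILURES:
            return DecoyShell(source, self.alert)
        return None  # ordinary "Login incorrect"
```

`verify` is whatever credential check the real login path already uses, and `alert` is the hook that notifies administrators; a legitimate user who mistypes N times also lands in the decoy, so N and the flag's lifetime need tuning for the site.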