Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!bloom-beacon!mgm.mit.edu!wolfgang
From: wolfgang@mgm.mit.edu (Wolfgang Rupprecht)
Newsgroups: comp.unix.wizards
Subject: Re: 60-second timeout in Unix login
Message-ID: <1878@bloom-beacon.MIT.EDU>
Date: Tue, 24-Nov-87 10:34:12 EST
Article-I.D.: bloom-be.1878
Posted: Tue Nov 24 10:34:12 1987
Date-Received: Fri, 27-Nov-87 21:57:28 EST
References: <4139@venera.isi.edu> <2167@tut.cis.ohio-state.edu>
Sender: daemon@bloom-beacon.MIT.EDU
Reply-To: wolfgang@mgm.mit.edu (Wolfgang Rupprecht)
Organization: Independent Software Consultant
Lines: 25

In article <2167@tut.cis.ohio-state.edu> lvc@tut.cis.ohio-state.edu (Lawrence V. Cipriani) writes:
>For example, login could kick you out after N attempts or M
>seconds, whichever occurs first.
[...]
>Does anyone have other suggestions for making login more secure?

If you wanted to "play with" the hacker a bit, you could (say after 10
to 20 bad login attempts), give them ish(l) as a login shell!

Ish is a hack "shell" that was posted to the net 3-4 years ago. It is
really just a C program that mimics a normal sh. The thing is, it
*never* does any Unix system calls (other than printing to the
terminal). You could use this to waste the hacker's time, and with a bit
of logging, maybe even find out what they are up to.

Ish is fairly amusing. It responds to 'ls' with a canned list of
"files". You can now 'cat' the files. It also knows about shell
builtins like 'for' 'while' etc. I forget some of the other things
that it does.

Anyway, the best defense seems to be to not let the would-be intruder
know that they've been spotted. Just watch them and let them expose
themselves more.
--
Wolfgang Rupprecht
UUCP: mit-eddie!mgm.mit.edu!wolfgang (or) mirror!mit-mgm!wolfgang
ARPA: wolfgang@mgm.mit.edu (IP addr 18.82.0.114)
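
A small decoy shell in the spirit of the program described in the post above, as an added example that is not part of the original post and is not ish itself. The file names, file contents and the function names `decoy_respond` and `log_sanitize` are made up for illustration; it answers `ls` and `cat` from canned data, executes nothing, and logs each typed line to stderr with control bytes replaced so input cannot corrupt the log.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed decoy "filesystem": names and contents are made up. */
static const struct { const char *name, *body; } FILES[] = {
    { "notes.txt", "rotate the backup tapes on friday\n" },
    { "todo",      "fix the printer spooler\n" },
};
#define NFILES (sizeof FILES / sizeof FILES[0])

/* Copy a typed line for logging, replacing control bytes so input
 * cannot forge or corrupt log entries. Returns bytes replaced. */
int log_sanitize(const char *in, char *out, size_t outlen) {
    int replaced = 0;
    size_t i = 0;
    if (outlen == 0) return 0;
    for (; in[i] != '\0' && i + 1 < outlen; i++) {
        int ok = isprint((unsigned char)in[i]);
        out[i] = ok ? in[i] : '?';
        replaced += !ok;
    }
    out[i] = '\0';
    return replaced;
}

/* Answer one command from canned data only: nothing is opened or
 * executed. Returns 0 when the session should end, otherwise 1. */
int decoy_respond(const char *line, char *out, size_t outlen) {
    char cmd[32] = "", arg[64] = "";
    size_t used = 0, i;
    if (outlen == 0) return 1;
    out[0] = '\0';
    if (sscanf(line, "%31s %63s", cmd, arg) < 1) return 1;  /* blank line */
    if (strcmp(cmd, "exit") == 0) return 0;
    if (strcmp(cmd, "ls") == 0) {
        for (i = 0; i < NFILES && used < outlen; i++) {
            int w = snprintf(out + used, outlen - used, "%s\n", FILES[i].name);
            if (w < 0) break;
            used += (size_t)w;
        }
    } else if (strcmp(cmd, "cat") == 0) {
        for (i = 0; i < NFILES && strcmp(arg, FILES[i].name) != 0; i++) ;
        if (i < NFILES) snprintf(out, outlen, "%s", FILES[i].body);
        else snprintf(out, outlen, "cat: %s: No such file or directory\n", arg);
    } else snprintf(out, outlen, "%s: not found\n", cmd);
    return 1;
}

int main(void) {
    char line[256], safe[256], out[512];
    int more = 1;
    while (more && fputs("$ ", stdout) >= 0 && fgets(line, sizeof line, stdin)) {
        line[strcspn(line, "\n")] = '\0';
        log_sanitize(line, safe, sizeof safe);
        fprintf(stderr, "decoy: %s\n", safe);   /* session log */
        more = decoy_respond(line, out, sizeof out);
        fputs(out, stdout);
    }
    return 0;
}
```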