From owner-freebsd-security Sun Dec 15 14:46:11 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id OAA09411 for security-outgoing; Sun, 15 Dec 1996 14:46:11 -0800 (PST) Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211]) by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id OAA09387; Sun, 15 Dec 1996 14:46:06 -0800 (PST) Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id PAA24138; Sun, 15 Dec 1996 15:21:44 -0700 From: Terry Lambert Message-Id: <199612152221.PAA24138@phaeton.artisoft.com> Subject: Re: vulnerability in new pw suite To: aleph1@dfw.net (Aleph One) Date: Sun, 15 Dec 1996 15:21:44 -0700 (MST) Cc: terry@lambert.org, rb@gid.co.uk, proff@iq.org, security@FreeBSD.ORG, hackers@FreeBSD.ORG In-Reply-To: from "Aleph One" at Dec 15, 96 03:40:43 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > Just because the passwd is shadowed does not mean it wont be cracked. The > are programs that will brute force passwords using POP, TELNET, RSH, etc. And as a result will hit source/attempt based security triggers on any real machine, and automatically shut down future attempts until such time as the administrator can deal wit the alerts to the systems satisfaction. Try five failed login attempts to telnet on a Sun machine. It delays (and reports) each failed attempt, and drops the connection (after as huge delay) after the fifth. Regards, Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.