From owner-freebsd-security  Sun Dec 15 15:13:09 1996
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id PAA12873
          for security-outgoing; Sun, 15 Dec 1996 15:13:09 -0800 (PST)
Received: from dfw.dfw.net (aleph1@dfw.dfw.net [198.175.15.10])
          by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id PAA12853;
          Sun, 15 Dec 1996 15:12:59 -0800 (PST)
Received: from localhost by dfw.dfw.net (4.1/SMI-4.1)
	id AA29130; Sun, 15 Dec 96 17:10:51 CST
Date: Sun, 15 Dec 1996 17:10:51 -0600 (CST)
From: Aleph One <aleph1@dfw.net>
To: Terry Lambert <terry@lambert.org>
Cc: rb@gid.co.uk, proff@iq.org, security@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re: vulnerability in new pw suite
In-Reply-To: <199612152221.PAA24138@phaeton.artisoft.com>
Message-Id: <Pine.SUN.3.94.961215170853.28978A-100000@dfw.dfw.net>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Sun, 15 Dec 1996, Terry Lambert wrote:

> Try five failed login attempts to telnet on a Sun machine.  It delays
> (and reports) each failed attempt, and drops the connection (after as
> huge delay) after the fifth.

Try su on a Solaris machine and if it takes to long hit ^C. The attempt
will not be logged. You assume all such attems will be logged and trigger
some alarm. You also assume the are trigger on all system that can verify
a password. Thats a lot of assumtions. Its easier to cut bad passwords at
the source.
 
> 					Regards,
> 					Terry Lambert
> 					terry@lambert.org
> ---
> Any opinions in this posting are my own and not those of my present
> or previous employers.
> 

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5 
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01