From owner-freebsd-hackers  Sat Dec  6 15:09:58 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id PAA22394
          for hackers-outgoing; Sat, 6 Dec 1997 15:09:58 -0800 (PST)
          (envelope-from owner-freebsd-hackers)
Received: from seidata.com (seidata.com [206.160.242.33])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id PAA22378
          for <freebsd-hackers@FreeBSD.ORG>; Sat, 6 Dec 1997 15:09:53 -0800 (PST)
          (envelope-from mike@seidata.com)
Received: from localhost (mike@localhost)
	by seidata.com (8.8.8/8.8.5) with SMTP id SAA09604;
	Sat, 6 Dec 1997 18:09:55 -0500 (EST)
Date: Sat, 6 Dec 1997 18:09:55 -0500 (EST)
From: Mike <mike@seidata.com>
To: Alex <garbanzo@hooked.net>
cc: John-Mark Gurney <gurney_j@resnet.uoregon.edu>,
        Jaye Mathisen <mrcpu@cdsnet.net>, Jim Bryant <jbryant@unix.tfs.net>,
        ircadmin@shellnet.co.uk, freebsd-hackers@FreeBSD.ORG
Subject: Re: Telnet Root access
In-Reply-To: <Pine.BSF.3.96.971205172907.765A-100000@zippy.dyn.ml.org>
Message-ID: <Pine.BSF.3.96.971206180636.8771B-100000@seidata.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Fri, 5 Dec 1997, Alex wrote:

> Actually it doesn't really even prevent that.  Su just adds more
> detailed logging of the attempts, which are more likely (IMO) to draw
> attention.

Keep in mind that only users in group wheel will be able to su...  So,
while not completely preventing this, it greatly limits *who* can brute
force root to those people you trust enough to allow in the wheel group.

// Mike <mike@seidata.com>
// SEI Data Network Services, Inc.