[2828] in bugtraq


Re: Write-only devices (Was read only devices)

daemon@ATHENA.MIT.EDU (Jonathan Lemon)
Thu Jun 27 15:13:06 1996

Date: 	Thu, 27 Jun 1996 13:28:56 -0500
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Jonathan Lemon <jlemon@americantv.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To:  <Pine.D-G.3.94.960627121938.28449H-100000@hopi.dtcc.edu> from
              "Ken Weaverling" at Jun 27, 96 12:24:29 pm

>
> On Thu, 27 Jun 1996, J.R.Valverde (jr) wrote:
>
> >         FTP: failed login attempt for user "pAsSwOrD"
> >         FTP: successful login for user "user" two seconds later
>
> I always wondered why the heck this happens. While knowing what account is
> being attempted is valuable, why the heck doesn't the code just try and
> see if pAsSwOrD is a valid account name?  If it isn't, don't display it
> or say "failed login attempt for an undefined system user."

Compare these two (hypothetical) log entries:

    FTP: failed login attempt for user "manager"
    FTP: failed login attempt for user "guest"
    FTP: failed login attempt for user "system"

    FTP: failed login attempt for user "jelmon"
    FTP: failed login attempt for user "fpt"

It's obvious that something quite different is going on here - one is just
a bunch of typos, while the other is an idiotic break-in attempt.  Just
saying "failed login" for both cases doesn't help much.
--
Jonathan
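
The distinction drawn in this message can be checked mechanically. The following is an added example, not part of the original post or of any FTP daemon: it labels failed-login names as near-misses of real accounts, common guessed names, or unknown strings that are withheld because they may be a password typed at the name prompt. The account list, the guess list, the "<withheld>" policy and the sample lines are all assumptions constructed for illustration.

```python
import re

VALID_USERS = {"jlemon", "ftp", "user"}          # constructed account list
COMMON_GUESSES = {"manager", "guest", "system"}  # first group in the message above

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent characters costs 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]

def classify(name):
    """Label a failed-login name as valid, guess, typo or unknown."""
    if name in VALID_USERS:
        return "valid"      # real account, wrong password
    if name in COMMON_GUESSES:
        return "guess"
    if any(osa_distance(name, u) == 1 for u in VALID_USERS):
        return "typo"       # one slip away from a real account
    return "unknown"        # could be a password typed as the name

LINE = re.compile(r'FTP: failed login attempt for user "([^"]*)"')

def triage(lines):
    """Return (label, name) pairs; unknown names are not echoed back."""
    out = []
    for line in lines:
        m = LINE.search(line)
        if m:
            label = classify(m.group(1))
            out.append((label, m.group(1) if label != "unknown" else "<withheld>"))
    return out

# Constructed sample, reusing the names quoted in this thread.
SAMPLE = ['FTP: failed login attempt for user "%s"' % n
          for n in ("manager", "guest", "jelmon", "fpt", "pAsSwOrD")]

if __name__ == "__main__":
    for label, name in triage(SAMPLE):
        print(f"{label:8} {name}")
```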
