[2829] in bugtraq
Re: Write-only devices (Was read only devices)
daemon@ATHENA.MIT.EDU (Matthew Cable/USA.NET Inc.)
Thu Jun 27 15:46:04 1996
Date: Thu, 27 Jun 1996 12:37:03 -0600
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: "Matthew Cable/USA.NET Inc." <mec@usa.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <009A479F.D5B723D7.62@samba.cnb.uam.es>
On Thu, 27 Jun 1996, J.R.Valverde (jr) wrote:
>
> The same happens for most programs that log successful and wrong
> logins. If you don't record all login attempts then you don't know if
> someone is trying to log-in nor if the attacker is going after a specific
> account. You have to start interactively monitoring one by one all your
> accounts (no account name on any logs, remember?)...
>
Here's a thought.....don't log it unless its a valid username. If its a
valid username, and they're failing a lot, then you know what they're
targetting...if its an invalid username, it doesnt' matter...could be a
password, could be anything, but its not a valid user, so you don't need
to worry about it.
> The lesson is: *users* do make mistakes. And there's no easy
> way you can both keep useful logs without them containing sensitive
> information. Either they do or they are useless.
>
see above ;)
#!/usr/bin/perl -- Matthew Cable -- USA.NET -- Senior System Administrator
$fof='8a*)v2*^Gf#*5S="!jh!;F)]#T):)#&f5kR^(%!E<F#Pf)@2farf&*#ahgu)%C:V5R';
print;$arf=eval{$foo="t1!A53%%1!RBF13!\@$%r/R!$7A39\@aB-z^*#\\)BAS/13/4d";
eval{print;};$foo=~tr/A-Z0-9%$!@!//d;$foo;};$tmp="\$fof=~$arf;";eval $tmp;
eval;eval;eval;$\=unpack(u35,$fof)."\n";print #;)>#;0>#:|#8)#;P#80#:o#;)#;
