[2831] in bugtraq
Re: Write-only devices (Was read only devices)
daemon@ATHENA.MIT.EDU (Casper Dik)
Thu Jun 27 17:46:31 1996
Date: Thu, 27 Jun 1996 22:41:57 +0200
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Casper Dik <casper@holland.Sun.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: Your message of "Thu, 27 Jun 1996 12:37:03 MDT."
<Pine.SOL.3.91.960627123507.19600C-100000@earth>
>Here's a thought.....don't log it unless it's a valid username. If it's a
>valid username, and they're failing a lot, then you know what they're
>targeting...if it's an invalid username, it doesn't matter...could be a
>password, could be anything, but it's not a valid user, so you don't need
>to worry about it.
I think you should log more than just valid usernames. In logging code
I wrote once I logged all usernames that had one of the following
characteristics:
- existing user
- only alphanumeric characters, starting with an alpha
While that may still log passwords, it only logs weak passwords.
Casper
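
The two-rule filter described in the message above, written out in C as an added example; it is not part of the original post and is not the logging code the author refers to. The function names, the 32-character cap and the "(suppressed)" placeholder are assumptions made for illustration.

```c
#include <ctype.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define MAX_LOGGED_NAME 32   /* assumed cap on what gets written to the log */

/* Rule 2: only alphanumeric characters, starting with a letter. */
static int plain_alnum_name(const char *s)
{
    size_t i, n = strlen(s);

    if (n == 0 || n > MAX_LOGGED_NAME || !isalpha((unsigned char)s[0]))
        return 0;
    for (i = 1; i < n; i++)
        if (!isalnum((unsigned char)s[i]))
            return 0;
    return 1;
}

/* Log the name if it belongs to an existing user (rule 1) or passes rule 2.
 * The existence result is a parameter so the policy can be checked without
 * a passwd database. */
int should_log_name(const char *name, int user_exists)
{
    return user_exists || plain_alnum_name(name);
}

/* Text to place in the failed-login record: the name, or a placeholder. */
const char *name_for_log(const char *name)
{
    int exists = getpwnam(name) != NULL;

    return should_log_name(name, exists) ? name : "(suppressed)";
}

int main(void)
{
    /* Constructed sample inputs typed at a login prompt. */
    const char *typed[] = { "casper", "letmein", "Tr0ub4dor&3", "9lives", "" };
    size_t i;

    for (i = 0; i < sizeof typed / sizeof typed[0]; i++)
        printf("login failed for %s\n", name_for_log(typed[i]));
    return 0;
}
```

A password such as "letmein" typed at the login prompt still passes rule 2 and is logged, which is the residual case the message points out.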