[2834] in bugtraq
Re: Write-only devices (Was read only devices)
daemon@ATHENA.MIT.EDU (J.R.Valverde (jr))
Fri Jun 28 13:41:35 1996
Date: Fri, 28 Jun 1996 10:36:57 WET
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: "J.R.Valverde (jr)" <jrvalverde@samba.cnb.uam.es>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
>I always wondered why the heck this happens. While knowing what account is
>being attempted is valuable, why the heck doesn't the code just try and
>see if pAsSwOrD is a valid account name? If it isn't, don't display it
>or say "failed login attempt for an undefined system user."
>
Then you miss some interesting patterns like, e.g. someone mistyping
a username or trying for common usernames. I know of many sites that rename
'root' or 'system' to something different, or that do not have a 'postmaster'
or... These attacks, specially with default accounts that on some systems
still come with default passwords would be missed. For instance.
Crackers do not use old-well-known techiniques. They are constantly
devising new methods, and you can't know in advance what these will be,
hence you can't easily discard any information in advance either.
jr
