Re: Possible Hacking routine

thoth@purplefrog.com
Fri, 11 Jul 1997 11:34:38 -0400

Robert Hiltibidal <rob@rob.fgi.net>, in message
<Pine.LNX.3.96.970711053124.3033B-100000@rob.fgi.net>, wrote:

>
> Howdy,
>
> Got a question... Does the portmaster log failed telnet attempts to the
> radius files? If it doesn't by default is there some way it could be
> coaxed into logging failed attempts? Basically what we want is to log the
> failed attempt, the username and ip the attempt came from and to really
> give us that warm fuzzy feeling we'd like to log the username and
> passwords used.

If you log the passwords you will get incorrect passwords for normal users'
accounts, from which it would be a small brute-force space to guess the
correct password. If you have a couple of failed passwords in the logs, it
might even be easy to hand-guess the correct password.

If you log the failed usernames, you might also get passwords. This was
pointed out on a security list.

-- 
Bob Forsman                                   thoth@gainesville.fl.us
           http://www.gainesville.fl.us/~thoth/
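
An added example, not part of the original message and not PortMaster or RADIUS code: one way to log failed logins without the exposure described in the reply above. The password is never written, and a username that matches no known account (possibly a password typed at the login prompt) is replaced by a keyed digest. The account list, key, function names and sample events are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: account names and key are hypothetical.
KNOWN_ACCOUNTS = {"alice", "bob"}
# Assumption: this key is stored separately from the logs and rotated.
LOG_KEY = b"constructed-demo-key"


def username_token(value: str) -> str:
    """Keyed, truncated digest: repeated attempts with the same string
    correlate in the log, but the string itself is not stored."""
    digest = hmac.new(LOG_KEY, value.encode("utf-8"), hashlib.sha256)
    return digest.hexdigest()[:12]


def failed_login_record(username: str, password: str, source_ip: str) -> str:
    """Build the log line for one failed login.

    `password` is accepted only to make the point explicit: it is
    deliberately never used, so near-miss passwords cannot reach the log.
    """
    if username in KNOWN_ACCOUNTS:
        user_field = f"user={username}"
    else:
        # Unknown name: it may be a password entered in the wrong field,
        # so log only a keyed token in its place.
        user_field = f"user=<unknown:{username_token(username)}>"
    return f"auth-fail src={source_ip} {user_field}"


# Constructed events: (username as typed, password as typed, source IP).
SAMPLE_EVENTS = [
    ("alice", "Summer97", "192.0.2.10"),      # real user, near-miss password
    ("Summer97!", "", "192.0.2.10"),          # password typed at login prompt
    ("Summer97!", "", "192.0.2.10"),          # same mistake repeated
    ("root", "toor", "198.51.100.7"),         # name not in the account list
]


def render(events):
    """Return the log lines that would be written for the given events."""
    return [failed_login_record(u, p, ip) for u, p, ip in events]


if __name__ == "__main__":
    for line in render(SAMPLE_EVENTS):
        print(line)
```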