On Wed, Apr 23, 2008 at 1:01 PM, Jon Radel <[EMAIL PROTECTED]> wrote:
> Sam Fourman Jr. wrote: > >> Is there a way to login the passwords that were used in the bruteforce > >> attack? [...] > > Not only that, if you read any history of Unix's early days you should > come across some instructive stories as to why logging the passwords of > failed attempts is now generally considered a really bad idea. Or doing silly things like typing your password in the username spot (moving around between lots of different keyboards of different form factors sometimes plays havoc with my touch typing, forcing me to look at the keyboard rather than the screen). The value of logging brutes is probably minimal... all you're reallying doing is observing the passing fads in point and click tools used by knee-biting rift-raft. If you're planning on building a dictionary or attack profile, I think you'll find that most brutes are just targeting some insecure default install. Back-off strategies are more than adequate for dealing with them. ...and there are so many other fun things that you can do beside just build up another useless data set. If you own a significant amount of infrastructure, passing specific host routes to bit buckets or honey pots up the network can be a fun creative way to handle this kind of trash traffic.
