Bugtraq mailing list archives

Re: Write-only devices (Was read only devices)

From: jlemon () americantv com (Jonathan Lemon)
Date: Thu, 27 Jun 1996 13:28:56 -0500


On Thu, 27 Jun 1996, J.R.Valverde (jr) wrote:

        FTP: failed login attempt for user "pAsSwOrD"
        FTP: successful login for user "user" two seconds later


I always wondered why the heck this happens. While knowing what account is
being attempted is valuable, why the heck doesn't the code just try and
see if pAsSwOrD is a valid account name?  If it isn't, don't display it
or say "failed login attempt for an undefined system user."


Compare these two (hypothetical) log entries:

    FTP: failed login attempt for user "manager"
    FTP: failed login attempt for user "guest"
    FTP: failed login attempt for user "system"

    FTP: failed login attempt for user "jelmon"
    FTP: failed login attempt for user "fpt"

It's obvious that something quite different is going on here - one is just
a bunch of typos, while the other is an idiotic breakin attempt.  Just
saying "failed login" for both cases doesn't help much.
--
Jonathan

Current thread:

BoS: CERT Advisory CA-96.12 - Vulnerability in suidperl, (continued)
- - - BoS: CERT Advisory CA-96.12 - Vulnerability in suidperl CERT Advisory (Jun 26)
    - Re: Write-only devices (Was read only devices) Matthew Cable/USA.NET Inc. (Jun 26)
    - Re: Write-only devices (Was read only devices) Dave Kinchlea (Jun 26)
- Re: Write-only devices (Was read only devices) Paul C Leyland (Jun 24)
- Re: Write-only devices (Was read only devices) Peter Jeremy (Jun 24)
  - Re: Write-only devices (Was read only devices) neill (Jun 24)
- Re: Write-only devices (Was read only devices) Adam Bauer (Jun 25)
- Re: Write-only devices (Was read only devices) Gary Howland (Jun 26)
- Re: Write-only devices (Was read only devices) J.R.Valverde (Jun 27)
  - Re: Write-only devices (Was read only devices) Ken Weaverling (Jun 27)
    - Re: Write-only devices (Was read only devices) Jonathan Lemon (Jun 27)
    - Re: Write-only devices (Was read only devices) Roderick Murchison, Jr. (Jun 27)
  - Re: Write-only devices (Was read only devices) Matthew Cable/USA.NET Inc. (Jun 27)
    - Re: Write-only devices (Was read only devices) Casper Dik (Jun 27)
    - Re: Write-only devices (Was read only devices) aleipold () clark net (Jun 27)
    - Re: Write-only devices (Was read only devices) Robert Banz (Jun 28)
- Re: Write-only devices (Was read only devices) Lew Wagner (Jun 27)
- Re: Write-only devices (Was read only devices) J.R.Valverde (Jun 28)
  - Re: Write-only devices (Was read only devices) Valdis.Kletnieks () vt edu (Jun 28)
- Re: Write-only devices (Was read only devices) Jeff Uphoff (Jun 28)
- Re: Write-only devices (Was read only devices) Eugene Bradley (Jun 28)