Quoting Chad A. Adlawan ([EMAIL PROTECTED]): > hello all, > when i invoke 'lastb', i get the following output : > > UNKNOWN ttyp1 ruf2-6.evoserve. Tue Jul 27 21:13 - 21:13 (00:00) > chadi ttyp1 ruf2-6.evoserve. Tue Jul 27 21:12 - 21:12 (00:00) > > that is, UNKNOWN for someone who tried to enter a non-exixtent username > (w/ reference to /etc/passwd) and the "chadi" field for someone who tried to > log-in using the username "chadi" and providing the wrong password. > > question, is there any way for as to know as to what exactly is the > 'guess' user name someone tried to enter w/c resulted in the UNKNOWN record > for /var/log/btmp ?
What's the point? Do crackers try to login with their email address? Or perhaps someone typed their password because they hadn't expected a username prompt. > we know that for the entry "chadi", that there really is a user chadi on > the system but his password was wrongly entered. is there any way for us to > capture and know what the wrongly enetered password is (guess password) and > record it in some file ? Again, what's the point. Do you ask chadi if they remember making such a mistake? What might be more reassuring is to check that bad logins are immediately followed by a good one. Everyone makes typos. Cheers, -- Email: [EMAIL PROTECTED] Tel: +44 1908 653 739 Fax: +44 1908 655 151 Snail: David Wright, Earth Science Dept., Milton Keynes, England, MK7 6AA Disclaimer: These addresses are only for reaching me, and do not signify official stationery. Views expressed here are either my own or plagiarised.
