Re: off topic: password strategy as an ISP

1997-07-05 Thread Hamish Moffatt
On Sat, Jul 05, 1997 at 07:44:02AM +1000, John Foster wrote: > On Fri, 4 Jul 1997 [EMAIL PROTECTED] wrote: > > > > #!/bin/sh > > cat <<__EOF__ > > No telnet login allowed. > > > > ** Insert the motd here ** > > > > __EOF__ > > sleep 5 > > exit 0 > > > > And if the remote user managed to inter

Re: off topic: password strategy as an ISP

1997-07-05 Thread Martin . Bialasinski
On 5 Jul, John Foster wrote: > On Fri, 4 Jul 1997 [EMAIL PROTECTED] wrote: >> >> #!/bin/sh >> cat <<__EOF__ >> No telnet login allowed. >> >> ** Insert the motd here ** >> >> __EOF__ >> sleep 5 >> exit 0 >> > > And if the remote user managed to interrupt it would they get > /bin/sh?, with EU

Re: off topic: password strategy as an ISP

1997-07-04 Thread John Foster
On Fri, 4 Jul 1997 [EMAIL PROTECTED] wrote: > > #!/bin/sh > cat <<__EOF__ > No telnet login allowed. > > ** Insert the motd here ** > > __EOF__ > sleep 5 > exit 0 > And if the remote user managed to interrupt it would they get /bin/sh?, with EUID 0? And what if the sleep call was suspended?

Re: off topic: password strategy as an ISP

1997-07-04 Thread Martin . Bialasinski
On 4 Jul, Nils Rennebarth wrote: > -BEGIN PGP SIGNED MESSAGE- > > On Thu, 3 Jul 1997, Pavel Galynin wrote: >>> attempts to telnet from the one source, but as we've disabled shell >>> access for dial-in clients it'll just give them motd if they do get in >>> that way! >> >>i'm not at all k

Re: off topic: password strategy as an ISP

1997-07-04 Thread Pavel Galynin
hello, Nils Rennebarth wrote: > > -BEGIN PGP SIGNED MESSAGE- > > On Thu, 3 Jul 1997, Pavel Galynin wrote: > >> attempts to telnet from the one source, but as we've disabled shell > >> access for dial-in clients it'll just give them motd if they do get in > >> that way! > > > >i'm not at

Re: off topic: password strategy as an ISP

1997-07-04 Thread Nils Rennebarth
-BEGIN PGP SIGNED MESSAGE- On Thu, 3 Jul 1997, Pavel Galynin wrote: >> attempts to telnet from the one source, but as we've disabled shell >> access for dial-in clients it'll just give them motd if they do get in >> that way! > >i'm not at all knowledgeable in linux, but chsh changes a def

Re: off topic: password strategy as an ISP

1997-07-04 Thread Pavel Galynin
hello, John Foster wrote: > > We use the following strategy: > > 1) Generate a list of passwords with pwgen could you describe this utility? > 2) On a SP2 supercomputer, try to crack them (after feeding them > through crypt). do you use a wordlist and if so, how big? > 3) Those who can't be

Re: off topic: password strategy as an ISP

1997-07-03 Thread John Foster
We use the following strategy: 1) Generate a list of passwords with pwgen 2) On a SP2 supercomputer, try to crack them (after feeding them through crypt). 3) Those who can't be cracked go into a safe, to be allocated when users sign up. The company I work for was very badly hacked (rm -fR *),