Re: Logging attempted passwords
From: Greg Wooledge (wooledg_at_eeg.ccf.org)
Date: 10/25/04
- Previous message: Covington, Jimmy D. (NGIT): "RE: SSH and mounted home directories"
- In reply to: Derek Martin: "Re: Logging attempted passwords"
- Next in thread: Bartek Krajnik: "Re: Logging attempted passwords"
Date: Mon, 25 Oct 2004 07:46:04 -0400
To: secureshell@securityfocus.com

On Mon, Oct 25, 2004 at 02:48:43AM +0900, Derek Martin wrote:
> In some rare and extreme
> cases, I can even conceive of it being possible to know passwords that
> people are successfully using... such as (perhaps) when tracking a
> cracker illegally accessing your systems.

For a honeypot, it does make sense. But anyone capable of setting up
a honeypot should be capable of editing the source code to change the
logging.

> No, but even if my password is not logged in some log, I would think
> my password was not safe if I knew that someone had gotten a hold of
> the logs...

Someone might have managed to get hold of your backup media, without
having compromised the system itself. Or if you're logging to a remote
system, perhaps they sniffed the syslog traffic. There are any number
of situations in which logfiles might be retrieved without requiring
a compromise of the system that generated them.