
bad login tracking



hello all,
   when i invoke 'lastb', i get the following output :

UNKNOWN  ttyp1        ruf2-6.evoserve. Tue Jul 27 21:13 - 21:13  (00:00)
chadi    ttyp1        ruf2-6.evoserve. Tue Jul 27 21:12 - 21:12  (00:00)

   that is, UNKNOWN for someone who tried to enter a non-existent username (w/ reference to /etc/passwd) and the "chadi" field for someone who tried to log in using the username "chadi" and providing the wrong password.

   question, is there any way for us to know what exactly is the 'guess' user name someone tried to enter which resulted in the UNKNOWN record for /var/log/btmp ?
   we know that for the entry "chadi", that there really is a user chadi on the system but his password was wrongly entered.  is there any way for us to capture and know what the wrongly entered password is (guess password) and record it in some file ?
TIA,
Chad

i'm just being paranoid, w/ all the recent attacks/portscans i've been getting lately and attempted logins from completely alien domains ... thanks and hope you can help

