On Wed, Oct 17, 2012 at 10:01 PM, Andrew Schultz <ajschult@xxxxxxxxxxx> wrote:
>> Additionally, it may be useful to log this information for intrusion
>> detection and correlation.
>
> Again, you don't need to know that the attacker guessed a username of "bob".
> You simply need to recognize that N attempts were made to log in with
> unknown usernames during some time period.

A few years ago, I was a sysadmin of a computer that was compromised by
guessing a password of a user account. It was extremely useful to have
the log of which specific user names were attempted, because these were
not random user names from a dictionary, but names of employees of the
institution in question - and could even indicate the department which
owned the other compromised computer.

   Mirek
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
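
The point made in the reply above, as an added example that is not part of the original message: two sources produce the same count of unknown-username failures, and only the logged names show that one of them is guessing real staff accounts. The OpenSSH-style log lines, the addresses, and the staff roster are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: OpenSSH-style authentication failures.
SAMPLE_LOG = """\
Oct 17 03:12:01 host sshd[411]: Failed password for invalid user admin from 198.51.100.7 port 4101 ssh2
Oct 17 03:12:03 host sshd[411]: Failed password for invalid user test from 198.51.100.7 port 4102 ssh2
Oct 17 03:12:05 host sshd[411]: Failed password for invalid user oracle from 198.51.100.7 port 4103 ssh2
Oct 17 04:40:10 host sshd[502]: Failed password for invalid user jnovak from 203.0.113.9 port 5101 ssh2
Oct 17 04:40:14 host sshd[502]: Failed password for invalid user mhorak from 203.0.113.9 port 5102 ssh2
Oct 17 04:40:19 host sshd[502]: Failed password for invalid user pkral from 203.0.113.9 port 5103 ssh2
"""

# Hypothetical institution-wide roster: login name -> department.
# These people have no account on this host, so sshd reports them as invalid users.
ROSTER = {"jnovak": "physics", "mhorak": "physics", "pkral": "physics",
          "asvoboda": "chemistry"}

FAILED = re.compile(r"Failed password for (invalid user )?(\S+) from (\S+) port")

def summarize(log_text, roster):
    """Per source: failure counts, plus which guessed names belong to real staff."""
    stats = defaultdict(lambda: {"attempts": 0, "unknown": 0,
                                 "roster_hits": set(), "departments": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        invalid, user, src = m.groups()
        entry = stats[src]
        entry["attempts"] += 1
        if invalid:
            entry["unknown"] += 1
        if user in roster:
            entry["roster_hits"].add(user)
            entry["departments"].add(roster[user])
    return dict(stats)

def targeted_sources(stats, min_hits=2):
    """Sources whose guesses include at least min_hits distinct staff names."""
    return sorted(s for s, e in stats.items() if len(e["roster_hits"]) >= min_hits)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG, ROSTER)
    for src in targeted_sources(stats):
        print(src, sorted(stats[src]["roster_hits"]), sorted(stats[src]["departments"]))
```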