On Wed, Apr 23, 2008 at 1:01 PM, Jon Radel  wrote:
> Sam Fourman Jr. wrote:

quoted text
> >>  Is there a way to login the passwords that were used in the bruteforce

> >> attack? [...]

>

> Not only that, if you read any history of Unix's early days you should

> come across some instructive stories as to why logging the passwords of

> failed attempts is now generally considered a really bad idea.

Or doing silly things like typing your password in the username spot (moving

around between lots of different keyboards of different form factors

sometimes plays havoc with my touch typing, forcing me to look at the

keyboard rather than the screen).
The value of logging brutes is probably minimal... all you're reallying

doing is observing the passing fads in point and click tools used by

knee-biting rift-raft.  If you're planning on building a dictionary or

attack profile, I think you'll find that most brutes are just targeting some

insecure default install.  Back-off strategies are more than adequate for

dealing with them.
...and there are so many other fun things that you can do beside just build

up another useless data set.  If you own a significant amount of

infrastructure, passing specific host routes to bit buckets or honey pots up

the network can be a fun creative way to handle this kind of trash traffic.