Blacklisting IPs
Louis LeBlanc
FreeBSD at keyslapper.org
Mon Jan 10 10:29:07 PST 2005
On 01/10/05 06:04 PM, John Conover sat at the `puter and typed:
> Louis LeBlanc writes:
> >
> > A practice one of my former co-workers liked was to pick a song and pull
> > letters out; take Fleetwood Mac: "Don't Stop Thinking About Tomorrow".
> > You could get "DSTAT", turn that into something else, like "dSt4T".
> > Pretty short, but definitely not a dictionary word. You could even take
> > more letters from the next line: "Don't Stop, It'll Soon Be Here" and get
> > "dSt4TDs1SbH", or any number of derivations. If you forget the actual
> > password, your song is an excellent hint.
> >
>
> I think that comes from RFC1244, (Site Security Handbook,) which is a
> pretty good security SOP for *_general_* 'Net users.
>
> The stuff 1244 suggests is not perfect, by any means, but is a
> relatively good compromise between security, usability, and
> operational costs.
>
> For example, to keep sysadmin phone calls on forgotten passwds to a
> minimum, 1244 suggests the words in a user's favorite song, ('cause
> folks' minds remember the words,) to seven letters, maybe with
> capitalization. For example, if the "Star Spangled Banner" is the
> 'fav, then a passwd would be "oH#saY#caN#".
>
> If logins must be updated periodically, then the user's next passwd
> would be, "yoU#See", and so on.
>
> It's certainly not perfect[1], but it's cheap to administer, easy to
> use, etc., and relatively hard to crack by algorithmic means, at least
> without filling up the log files, giving the sysadm a "heads up" to
> type something beginning with "block ..."
>
> 1244 has a lot of cute little security things like that.
>
> John
>
> [1] Yea, I've tried a passwd policy of denied vowel-consonant
> relationships, (e.g., words.) Not only did I have a lot of phone calls
> on forgotten passwds, I gained credentials as an English teacher.
LOL. I understand completely.
BTW, a quick search yielded an update to 1244: 2196, which can be found
here: http://www.faqs.org/rfcs/rfc2196.html
Thanks.
Lou
--
Louis LeBlanc FreeBSD at keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org Ô¿Ô¬
The following statement is not true. The previous statement is true.
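The two derivations discussed above (the initialism of a lyric line with case changes and digit substitutions, and the RFC 1244 style sequence of whole words with a separator), together with the "not a dictionary word" check the first post implies, as an added example in Python. It is not code from the original posts or from RFC 1244/2196. The pattern syntax, the three-words-per-password rotation rule, and the tiny embedded word list are assumptions made for illustration. The dictionary check undoes the digit substitutions before comparing, because password-cracking rule sets do exactly that, so "p4ssw0rd" should be treated as "password".

```python
"""Song-lyric password derivation and a dictionary check.

Added example, not code from the posts above.  The lyric lines, the
pattern syntax, the rotation rule and the word list are constructed.
"""
from __future__ import annotations

import re

# Substitutions applied where a pattern asks for a '#' position.
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5", "t": "7"}
UNLEET = {v: k for k, v in LEET.items()}

# Constructed word list standing in for /usr/share/dict/words.
WORDS = {"password", "tomorrow", "dictionary", "banner", "letmein"}


def words(lyric: str) -> list[str]:
    """Split a lyric line into words, keeping apostrophes ("Don't", "It'll")."""
    return re.findall(r"[A-Za-z][A-Za-z']*", lyric)


def initialism(lyric: str) -> str:
    """First letter of every word, upper-cased:
    "Don't Stop Thinking About Tomorrow" -> "DSTAT"."""
    return "".join(w[0].upper() for w in words(lyric))


def mangle(base: str, pattern: str) -> str:
    """Apply a per-character pattern (assumed syntax): 'l' lower-case,
    'u' upper-case, '#' digit substitution from LEET (lower-case when no
    substitution exists).  The pattern must be as long as the base."""
    if len(pattern) != len(base):
        raise ValueError("pattern must be as long as the base string")
    out = []
    for ch, p in zip(base, pattern):
        low = ch.lower()
        if p == "l":
            out.append(low)
        elif p == "u":
            out.append(ch.upper())
        elif p == "#":
            out.append(LEET.get(low, low))
        else:
            raise ValueError(f"unknown pattern character {p!r}")
    return "".join(out)


def song_password(lyric: str, pattern: str) -> str:
    """Initialism of the lyric line, mangled with the given pattern."""
    return mangle(initialism(lyric), pattern)


def rfc1244_rotation(lyric: str, per_password: int = 3, sep: str = "#"):
    """RFC 1244-style sequence: successive groups of whole words, each word
    with its last letter upper-cased and terminated by `sep`.  The grouping
    rule is an assumption; it gives "oH#saY#caN#" for the first group of
    "Oh say can you see" and then moves on through the lyric."""
    ws = [w.replace("'", "") for w in words(lyric)]
    for i in range(0, len(ws), per_password):
        group = ws[i:i + per_password]
        yield "".join(w[:-1].lower() + w[-1].upper() + sep for w in group)


def is_dictionary_word(candidate: str, wordlist=WORDS) -> bool:
    """True when the candidate, with digit substitutions undone and
    non-letters dropped, is a plain word from the list.  Cracking rule
    sets undo these substitutions routinely, so "p4ssw0rd" counts as
    "password" here."""
    undone = "".join(UNLEET.get(c, c) for c in candidate.lower())
    letters = re.sub(r"[^a-z]", "", undone)
    return letters in wordlist


if __name__ == "__main__":
    line1 = "Don't Stop Thinking About Tomorrow"
    line2 = "Don't Stop, It'll Soon Be Here"
    pw = song_password(line1, "lul#u") + song_password(line2, "ul#ulu")
    print(pw)                                  # dSt4TDs1SbH
    for p in rfc1244_rotation("Oh say can you see by the dawn's early light"):
        print(p)                               # oH#saY#caN#, yoU#seE#bY#, ...
    print(is_dictionary_word(pw), is_dictionary_word("p4ssw0rd"))  # False True
```

The patterns "lul#u" and "ul#ulu" reproduce the "dSt4TDs1SbH" string from the thread; the rotation generator is what a sysadmin would hand a user who must change passwords on a schedule, so each new password is the next group of words from the same song.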