______________ | ___ ___ | | |_ | | _| | ______ ______ |___| | | |___| |_ _| / \ | | | | | /----\/ | | | | | | | | | | | | ___ | | | | __ | | <_ | Issue #:079 _| |_ _| |_| | | \___/ | Date:08\09\96 |______| () |_________| () \________/ () _ / / \ \ _ / _ / ThE Lone Gunmen Presents: \ _ \ | | | | | | NetWare's Intruder Detection | | | | Written By: Yankee | | | | | | | | | | | \____________________________________/ | \________________________________________/ ********************************STOP****************************************** *** In this day and age, anyone can get there hands on text philez and that*** *** means that even the yuppie kids, who don't follow directions, can (and *** *** will probably blow there faces,hands,fingers,noses,legs,nipples,and P-P*** *** blown off, so before you continue read the File "DISCLAIMER!" that was *** *** included in the .ZIP file. it basicly says that you cant sew me if you *** *** get fucked. ************************************************************** ****************************************************************************** Introduction ~~~~~~~~~~~~ According to Novell, about 70% of all LANs are running NetWare in one form or another. Therefore, as the informed little computer geeks we all want to be, it pays to know the ins-and-outs of NetWare. I'm nowhere near an expert on the system; I've only used it once or twice, actually; and I'm not gonna try and sound like I know it all about NetWare, either. Some Real Information ~~~~~~~~~~~~~~~~~~~~~ While doing some research on the system for my own reasons, I discovered a handy feature of NetWare called Intruder Detection (ID). Now, all of you experience in NetWare probably know about this, but I'm gonna babble about it for a while, because, for those of you that don't know, this is something you may find useful in the future. ��� Intruder Detection is a precaution against password cracking. Now, if you don't know a user's password, one way to get access to their account is by trying some obvious passwords, like their cat's name or girlfriend or something. The problem is that if you fail a login attempt, and the LAN's supervisor has Intruder Detection enabled, NetWare will increase a failed attempt counter on that user's account. When the number of failed attempts reaches the supervisor defined value, the user is totally locked out of the network for a preset period of time. This gives the administrators time to check the account for security leaks or whatever so they can plug any holes in the system before reinstating that user's account. Note ~~~~ From what I've heard and read, a lot of supervisors turn Intruder Detection off because they are just too lazy to go around resetting accounts when legit users screw up their passwords. Good for you, bad for them. Now What? ~~~~~~~~~ Now, stop for a sec and think of the benefits of this feature instead of the deterence it might generate. What good is it to you? ��� Well, try purposely failing all the alotted logins on a NetWare LAN that you know the supervisor has enable ID. Why would you want to do that? Well, use the supervisor's account! Fail the logins, ID locks that account, and the supervisor has to go through a hell of a lot of time and trouble to get his own friggin' account back. A few weeks of this will annoy the piss out of him and he'll disable Intruder Detection. Now you no longer have a limit to crack the user's password in. ��� Or, you could just repeatedly fail another user's account just before you know they need to do something important on the network so that have to go crying to the administrator to fix it. That's almost as fun. ��copyright august nineteen ninety-six by yankee of the lone gunmen�� SAUCE00NetWare's Intruder Detection Yankee ThE Lone Gunmen[TlG]19960808*PT