Byte.com: Increasing Your Masquerading Gateway Security
Sep 13, 1999, 14:10
(Other stories by Trevor Marshall)
"But just a few extra lines of code can make your machine much more immune to attack. Before we can implement them, however, we need to look at how a hacker could break through your simple firewall."
"The task is trivial, of course, if you have left the door open. The first thing a hacker will do is to check if you have bothered to implement passwords on all the common administrator handles."
"Hackers will try to log in to TELNET as admin, and the host of other user-IDs listed in your /etc/passwd file. If that fails, there are several programs they will use to try to log in with a dictionary of common passwords. When the program is set running, it looks sequentially through its database of most common passwords, trying to log in as root or any other known user name. It is amazing how often this technique works. Several years ago one of my colleagues managed to crack nearly all of the passwords in our staff mail server."
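The sequential guessing described in the excerpt leaves a recognizable trail of failed logins on the gateway. The following is an added example, not code from the Byte.com article: it flags any source that produces a burst of failures inside a sliding time window and lists the account names it tried. The log format, the sample lines, the function name and the thresholds are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a simplified syslog-like format (an assumption);
# real login/telnetd log formats differ between systems.
SAMPLE_LOG = """\
1999-09-13T14:10:01 gw login: FAILED LOGIN FROM 192.0.2.7 FOR root
1999-09-13T14:10:03 gw login: FAILED LOGIN FROM 192.0.2.7 FOR admin
1999-09-13T14:10:05 gw login: FAILED LOGIN FROM 192.0.2.7 FOR root
1999-09-13T14:10:06 gw login: FAILED LOGIN FROM 198.51.100.20 FOR alice
1999-09-13T14:10:08 gw login: FAILED LOGIN FROM 192.0.2.7 FOR operator
1999-09-13T14:10:10 gw login: FAILED LOGIN FROM 192.0.2.7 FOR root
1999-09-13T14:10:13 gw login: FAILED LOGIN FROM 192.0.2.7 FOR admin
1999-09-13T14:20:30 gw login: FAILED LOGIN FROM 198.51.100.20 FOR alice
1999-09-13T14:20:41 gw login: LOGIN ON ttyp0 BY alice FROM 198.51.100.20
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ login: FAILED LOGIN FROM (?P<src>\S+) FOR (?P<user>\S+)$"
)

def find_guessing_sources(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Map each suspicious source to the sorted account names it tried.

    A source is suspicious once it has max_failures failed logins inside
    one sliding window. Lines are assumed to be in time order.
    """
    recent = defaultdict(deque)   # source -> failure timestamps still in window
    tried = defaultdict(set)      # source -> every account name it attempted
    flagged = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # successful logins and unrelated lines
        ts = datetime.fromisoformat(m["ts"])
        src = m["src"]
        tried[src].add(m["user"])
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= max_failures:
            flagged.add(src)
    return {src: sorted(tried[src]) for src in flagged}

if __name__ == "__main__":
    for src, users in find_guessing_sources(SAMPLE_LOG).items():
        print(f"{src}: repeated failures against {', '.join(users)}")
```

The second source in the sample fails twice, ten minutes apart, and then logs in, so it stays below the threshold; tune `max_failures` and `window` to the gateway's normal login pattern.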