Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Not so much a bug as a warning of new brute force attackBrett L. Hawn (blhnol.net)
Sat, 1 Jun 1996 10:52:28 -0500
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Gilles Soulet: "Netscape remote control : a small example"
- Previous message: Neil Readwin: "SunOS 5.5 mailtool - stupid .forward symlink tricks"
- Next in thread: Paul C Leyland: "Re: Not so much a bug as a warning of new brute force attack"
Last night nol.net was the recipient of a new brute force password attack and I thought I'd share with you the attack and my reccomended solution. The Attack: Using the pop3 mechanism to crack user passwords Given a file full of usernames and the standard 'dict file' one can currently connect to the pop3 daemon and effiecently try passwords for a user until the proper one is gotten or one runs out of passwords without any noticeable effects on the server. I've tested this method myself using several accounts and lots of random crap between valid passwords. A 3 account userfile with a 20k dictfile took appx 2 minutes to generare the passwords for all 3 accounts. Solution: Implement random delay times, logging, and disconnection within the pop3 daemom I am currently adding a random delay of 5-10 seconds after a bad password to not only slow down, but possibly break the crack mechanism. Along with this I am adding logging of any attempt that gives a bad password and a disconnection scheme that will disconnect the process after 3 bad passwords. Brett L. Hawn