|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Not so much a bug as a warning of new brute force attack
Christopher X. Candreva (chris
westnet.com)Mon, 3 Jun 1996 08:37:37 -0400
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Richard Ashton: "Re: Not so much a bug as a warning of new brute force attack"
- Previous message: Allen Wheelwright: "Re: [linux-security] Things NOT to put in root's crontab"
- In reply to: Brett L. Hawn: "Not so much a bug as a warning of new brute force attack"
- Next in thread: Richard Ashton: "Re: Not so much a bug as a warning of new brute force attack"
On Sat, 1 Jun 1996, Brett L. Hawn wrote: > Given a file full of usernames and the standard 'dict file' one can > currently connect to the pop3 daemon and effiecently try passwords for a > user until the proper one is gotten or one runs out of passwords without any > noticeable effects on the server. I've tested this method myself using Which pop3 server are you using ? The U of Washington POP/IMAP package has a timer in it, and disconnects after 3 failures. It does not, however, check for a valid log-in shell (that the user's shell exists in /etc/shells). Since I use an invalid shell to disable accounts, I made a small patch to enable this feature. -Chris ========================================================== Chris Candreva -- chris
- Next message: Richard Ashton: "Re: Not so much a bug as a warning of new brute force attack"
- Previous message: Allen Wheelwright: "Re: [linux-security] Things NOT to put in root's crontab"
- In reply to: Brett L. Hawn: "Not so much a bug as a warning of new brute force attack"
- Next in thread: Richard Ashton: "Re: Not so much a bug as a warning of new brute force attack"