OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Vuln-Dev Archives: Re: Administrivia #4883/flowpoints

Re: Administrivia #4883/flowpoints

Subject: Re: Administrivia #4883/flowpoints
From: Marc Esipovich (marcMUCOM.CO.IL)
Date: Fri Jan 14 2000 - 04:28:59 CST

> >
> > > depending on the version OS your flowpoint runs, you can limit what ip's
> > > can telnet in using the filter command. if you apply that feature
> > > correctly, you effectively prohibit brute forcing the router pw. treat it
> > > like cisco's access-list's retarded little brother and you wont be too
> > > disapointed.
> >
> > Well, adding a short delay in the code which authenticates the password
> > would make brute-force pretty painful and time-consuming.
>
> true.. adding a 5 second delay might make it take longer but the attack
5 seconds? that's far too long than necessary.

> might well still go undetected unless one is in the habit of checking the
> system history on the router,
Do you know someone who cares about security but fails to check his audit
logs?

>and i doubt the vast majority of flowpoint
> owners do this.
Obviously their problem.

> ultimately, delay code might turn a 1 day hack into a 1
> week hack,
1 week? over a 300msec round-trip line and a strong password which is not
taken from a dictionary? we're talking years.

>but it probably wont stop someone dedicated from getting in.
> id say the most efficient solution is the filter still.
Filters are always important, and yes, they come first, but would you
filter against an intruder from the inside?

Besides, a dedicated intruder doesn't waste his time with attempts to
find the correct password, there are by far more efficient ways of "doing
it".

        Marc Esipovich.

This archive was generated by hypermail 2b27 : Fri Jan 14 2000 - 14:24:21 CST