Bugtraq mailing list archives
Re: Not so much a bug as a warning of new brute force attack
From: pcl () foo oucs ox ac uk (Paul C Leyland)
Date: Mon, 3 Jun 1996 12:04:57 +0100
From: "Brett L. Hawn" <blh () nol net>
Hi, Brett --- they're still giving you hassle, eh?
Using the pop3 mechanism to crack user passwords Given a file full of usernames and the standard 'dict file' one can currently connect to the pop3 daemon and effiecently try passwords for a user until the proper one is gotten or one runs out of passwords without any
...
Solution: Implement random delay times, logging, and disconnection within the pop3 daemom I am currently adding a random delay of 5-10 seconds after a bad password to not only slow down, but possibly break the crack mechanism. Along with this I am adding logging of any attempt that gives a bad password and a disconnection scheme that will disconnect the process after 3 bad passwords.
I'd recommend not bothering with the random delay, though it would seem to be harmless. The second half of the solution is the way to go. Unlike the subject line suggests, I am reporting a bug. One which makes brute force cracking much more likely to succeed. We run Digital Unix V3.2c here with the C2 security options. We discovered that although login correctly disabled an account for a period after a specified number of failed authentication events, the authenticator supplied in the libraries did not. We found out because someone successfully ran a guessing attempt against our ftpd. We played hell with DEC, who eventually gave us patched libraries. Moral: ALL daemons which do authentication have to be linked with a properly functioning authenticator. Advice: If you are running Digital Unix in C2 mode, check that your libraries do repeated bad password detection and account locking. If they do not, call DEC immediately and insist that you get the patched libraries. Tell them I sent you 8-) Paul
Current thread:
- Not so much a bug as a warning of new brute force attack Brett L. Hawn (Jun 01)
- Re: Not so much a bug as a warning of new brute force attack Paul C Leyland (Jun 03)
- Re: Not so much a bug as a warning of new brute force attack Christopher X. Candreva (Jun 03)
- Re: Not so much a bug as a warning of new brute force attack Richard Ashton (Jun 03)
- Re: Not so much a bug as a warning of new brute force attack Jeremy D. Zawodny (Jun 03)
- Reply from the author of popper at Qualcomm Pete Ashdown (Jun 03)
- Attacks using pop Alan Brown (Jun 03)
- Re: Attacks using pop simes () tcp co uk (Jun 04)
- Re: Attacks using pop Alan Brown (Jun 04)
- Re: Not so much a bug as a warning of new brute force attack Brett L. Hawn (Jun 03)