Bugtraq mailing list archives
Re: Not so much a bug as a warning of new brute force attack
From: chris () westnet com (Christopher X. Candreva)
Date: Mon, 3 Jun 1996 08:37:37 -0400
On Sat, 1 Jun 1996, Brett L. Hawn wrote:
Given a file full of usernames and the standard 'dict file' one can currently connect to the pop3 daemon and effiecently try passwords for a user until the proper one is gotten or one runs out of passwords without any noticeable effects on the server. I've tested this method myself using
Which pop3 server are you using ? The U of Washington POP/IMAP package has a timer in it, and disconnects after 3 failures. It does not, however, check for a valid log-in shell (that the user's shell exists in /etc/shells). Since I use an invalid shell to disable accounts, I made a small patch to enable this feature. -Chris ========================================================== Chris Candreva -- chris () westnet com -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Current thread:
- Not so much a bug as a warning of new brute force attack Brett L. Hawn (Jun 01)
- Re: Not so much a bug as a warning of new brute force attack Paul C Leyland (Jun 03)
- Re: Not so much a bug as a warning of new brute force attack Christopher X. Candreva (Jun 03)
- Re: Not so much a bug as a warning of new brute force attack Richard Ashton (Jun 03)
- Re: Not so much a bug as a warning of new brute force attack Jeremy D. Zawodny (Jun 03)
- Reply from the author of popper at Qualcomm Pete Ashdown (Jun 03)
- Attacks using pop Alan Brown (Jun 03)
- Re: Attacks using pop simes () tcp co uk (Jun 04)
- Re: Attacks using pop Alan Brown (Jun 04)
- Re: Not so much a bug as a warning of new brute force attack Brett L. Hawn (Jun 03)
- pop3 daemon with syslog logging Gunnar Ingvi Thorisson (Jun 03)