Bugtraq mailing list archives
Re: Not so much a bug as a warning of new brute force attack
From: rich () corp netcom net uk (Richard Ashton)
Date: Mon, 3 Jun 1996 16:04:25 +0100
[attack account deleted]
Solution: Implement random delay times, logging, and disconnection within the pop3 daemon. I am currently adding a random delay of 5-10 seconds after a bad password to not only slow down, but possibly break the crack mechanism. Along with this I am adding logging of any attempt that gives a bad password and a disconnection scheme that will disconnect the process after 3 bad passwords.
What's to stop someone opening a new pop3 connection for each guess, thus avoiding the wait factor and/or process detection you've put in the code? popper should use syslog to record the IP address of requests and if you run it with -d produce some nice debug information (depending on the version of popper you have of course).

--
..Blue O "Smoke me a kipper, Skies.. //\/ I'll be back for breakfast." \/\ ..Must ...../ Dash.. Email: rich () corp netcom net uk
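
The gap raised in the reply above, as an added example that is not part of the original post or of popper: a per-connection "3 bad passwords" counter never fires when each guess arrives on a fresh connection, while a failure count keyed on source IP does. The event tuples, thresholds and function names are constructed for illustration, and the per-source state is assumed to live somewhere that outlives a single connection.

```python
from collections import defaultdict, deque

# Constructed sample events: (timestamp_seconds, source_ip, connection_id, auth_ok).
# 192.0.2.10 makes one bad guess per connection; 198.51.100.7 mistypes once, then logs in.
EVENTS = [(t, "192.0.2.10", f"c{t}", False) for t in range(0, 40, 2)]
EVENTS += [(5, "198.51.100.7", "u1", False), (9, "198.51.100.7", "u1", True)]
EVENTS.sort()


def per_connection_lockouts(events, max_bad=3):
    """Connections that a disconnect-after-N-bad-passwords rule would cut off."""
    bad = defaultdict(int)
    cut = set()
    for _ts, _ip, conn, ok in events:
        if not ok:
            bad[conn] += 1
            if bad[conn] >= max_bad:
                cut.add(conn)
    return cut


def per_source_blocks(events, max_bad=5, window=60):
    """Source IPs with max_bad failures inside `window` seconds, counted across
    connections. Returns {ip: timestamp at which the threshold was reached}."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = {}
    for ts, ip, _conn, ok in events:
        if ok or ip in blocked:
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_bad:
            blocked[ip] = ts
    return blocked


if __name__ == "__main__":
    print("per-connection rule cut off:", per_connection_lockouts(EVENTS))
    print("per-source rule blocked:   ", per_source_blocks(EVENTS))
```

The same per-source count can be computed from the syslog records of failed logins, provided the daemon logs the peer IP address with each failure.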