Bugtraq mailing list archives

Re: Not so much a bug as a warning of new brute force attack


From: hudson () mbay net (Stefan Hudson)
Date: Mon, 3 Jun 1996 09:49:34 -0700


Using the pop3 mechanism to crack user passwords

Given a file full of usernames and the standard 'dict file' one can
currently connect to the pop3 daemon and efficiently try passwords for a
user until the proper one is gotten or one runs out of passwords without any
noticeable effects on the server. I've tested this method myself using
several accounts and lots of random crap between valid passwords. A 3
account userfile with a 20k dictfile took appx 2 minutes to generate the
passwords for all 3 accounts.

Solution:

Implement random delay times, logging, and disconnection within the pop3
daemon

qpopper, the POP server from Qualcomm (makers of Eudora for PeeCees) does
a 10 second delay and disconnects on a bad password.  It also logs EVERYTHING
to a file and is very configurable.  We've been using it for a few months
now, and it's worked very well.  See ftp.qualcomm.com:/quest/unix/servers.

--
     /// Stefan Hudson <hudson () mbay net>
__  /// Senior Network Administrator - Monterey Bay Internet
\\\/// http://www.mbay.net/  -  Email: info () mbay net
 \XX/ Voice: 408-642-6100  Fax: 408-642-6101  Modem: 408-642-6102
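The countermeasures the thread describes (a delay, a log line and a forced disconnect on every bad password, plus reading the resulting log to spot guessing) sketched as a server-side handler and a small log detector. This is an added illustration, not qpopper's code or anything from the post; the user table, the log format and the sample log lines are constructed, and `min_delay`, `max_delay` and the failure threshold are assumed values.

```python
"""Server-side handling of failed POP3 logins (delay, log, disconnect) and a
detector that tallies failures from the log. Added example; the user table,
log format and sample log lines below are constructed, not taken from qpopper."""
import logging
import random
import re
import time
from collections import defaultdict
from dataclasses import dataclass

log = logging.getLogger("pop3d")

# Constructed user table standing in for the system password database.
USERS = {"alice": "correct-horse", "bob": "battery-staple"}


@dataclass
class AuthOutcome:
    ok: bool          # was the password correct
    delay: float      # seconds the server slept before answering
    disconnect: bool  # whether the server drops the connection afterwards


def authenticate(user, password, peer, *, min_delay=1.0, max_delay=10.0,
                 rng=None, sleep=time.sleep):
    """Handle a PASS command the way the post recommends.

    A wrong password costs the client a random delay (min_delay..max_delay
    seconds, a randomised version of the fixed 10 s the reply attributes to
    qpopper), a log line carrying username and peer address, and a forced
    disconnect, so every wrong guess is slow and on record. A correct
    password costs nothing extra. `rng` and `sleep` are injectable so the
    behaviour can be tested without real waiting.
    """
    rng = rng or random.SystemRandom()
    if USERS.get(user) == password:
        log.info("login ok user=%s from=%s", user, peer)
        return AuthOutcome(ok=True, delay=0.0, disconnect=False)
    delay = rng.uniform(min_delay, max_delay)
    log.warning("failed login user=%s from=%s", user, peer)
    sleep(delay)  # penalty before the -ERR reply is sent
    return AuthOutcome(ok=False, delay=delay, disconnect=True)


# Detection side: read the log the daemon writes and count failures per peer.
FAILED_RE = re.compile(r"failed login user=(\S+) from=(\S+)")


def count_failures(log_lines):
    """Return {peer_address: number_of_failed_logins} from log lines."""
    per_peer = defaultdict(int)
    for line in log_lines:
        m = FAILED_RE.search(line)
        if m:
            per_peer[m.group(2)] += 1
    return dict(per_peer)


def suspicious_peers(log_lines, threshold=5):
    """Peers with at least `threshold` failed logins, sorted for stable output."""
    return sorted(p for p, n in count_failures(log_lines).items() if n >= threshold)


# Constructed sample log (RFC 5737 documentation addresses, made-up timestamps).
SAMPLE_LOG = [
    "Jun  3 09:40:01 pop3d: failed login user=alice from=192.0.2.10",
    "Jun  3 09:40:12 pop3d: failed login user=alice from=192.0.2.10",
    "Jun  3 09:40:25 pop3d: failed login user=bob from=192.0.2.10",
    "Jun  3 09:40:37 pop3d: failed login user=bob from=192.0.2.10",
    "Jun  3 09:40:49 pop3d: failed login user=carol from=192.0.2.10",
    "Jun  3 09:41:02 pop3d: login ok user=bob from=198.51.100.7",
    "Jun  3 09:41:15 pop3d: failed login user=alice from=198.51.100.7",
]


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(name)s: %(message)s")
    # One wrong guess: logged, delayed (real sleep here), and disconnected.
    outcome = authenticate("alice", "guess", "192.0.2.10", max_delay=2.0)
    print(outcome)
    print("failures per peer:", count_failures(SAMPLE_LOG))
    print("peers over threshold:", suspicious_peers(SAMPLE_LOG))
```

The delay is applied before the error reply rather than after, so a client cannot learn the result and drop the connection early; the detector works on the log the daemon writes, which is the part qpopper's "logs EVERYTHING" makes possible.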