Bugtraq mailing list archives

Re: Not so much a bug as a warning of new brute force attack

From: jzawodn () cs bgsu edu (Jeremy D. Zawodny)
Date: Mon, 3 Jun 1996 14:46:04 -0400


On Mon, 3 Jun 1996, Richard Ashton wrote:

What's to stop someone opening a new pop3 connection for each guess, thus
avoiding the wait factor and/or process detection you've put in the code?


The time overhead, I'd assume.  I know that if I had *my* choice of
attacking two machines, and one was known to disconnect after each failed
attempt, I'd use the other.

Besides, you (as an attacker) might be going through some pains to 'cover
your tracks' on the network, so openeing several million connections
might be undesired.

popper should use syslog to record the IP address of requests and if you run
it with -d produce some nice debug information (depending on the version of
popper you have of course).


Agreed.  All daemons that do any sort of authentication should have this
as an option (and maybe even default behavior).

Alas, there are always tcpwrappers...

Jeremy

------------------------------------------------------------------------------
<A HREF="http://www.bgsu.edu/~jzawodn";>Jeremy Zawodny, jzawodn () cs bgsu edu</A>
Computer Science Undergraduate  *  Computer Consultant  *  Web Worker for Hire
        "Argue your limitations, and they're yours." -- Richard Bach

Current thread:

Not so much a bug as a warning of new brute force attack Brett L. Hawn (Jun 01)
- Re: Not so much a bug as a warning of new brute force attack Paul C Leyland (Jun 03)
- Re: Not so much a bug as a warning of new brute force attack Christopher X. Candreva (Jun 03)
- Re: Not so much a bug as a warning of new brute force attack Richard Ashton (Jun 03)
  - Re: Not so much a bug as a warning of new brute force attack Jeremy D. Zawodny (Jun 03)
  - Reply from the author of popper at Qualcomm Pete Ashdown (Jun 03)
    - Attacks using pop Alan Brown (Jun 03)
    - Re: Attacks using pop simes () tcp co uk (Jun 04)
    - Re: Attacks using pop Alan Brown (Jun 04)
- [linux-alert] Serious Security hole in getpwnam () [Forwarded Jeff Uphoff (Jun 03)
- Re: Not so much a bug as a warning of new brute force attack Aaron Merifield (Jun 03)
  - Re: Not so much a bug as a warning of new brute force attack Brett L. Hawn (Jun 03)
    - pop3 daemon with syslog logging Gunnar Ingvi Thorisson (Jun 03)
    - Re: Not so much a bug as a warning of new brute force attack Alan Brown (Jun 03)
    - Re: Not so much a bug as a warning of new brute force attack Brian Davidson (Jun 04)

(Thread continues...)