Bugtraq mailing list archives
Not so much a bug as a warning of new brute force attack
From: blh () nol net (Brett L. Hawn)
Date: Sat, 1 Jun 1996 10:52:28 -0500
Last night nol.net was the recipient of a new brute force password attack and I thought I'd share with you the attack and my reccomended solution. The Attack: Using the pop3 mechanism to crack user passwords Given a file full of usernames and the standard 'dict file' one can currently connect to the pop3 daemon and effiecently try passwords for a user until the proper one is gotten or one runs out of passwords without any noticeable effects on the server. I've tested this method myself using several accounts and lots of random crap between valid passwords. A 3 account userfile with a 20k dictfile took appx 2 minutes to generare the passwords for all 3 accounts. Solution: Implement random delay times, logging, and disconnection within the pop3 daemom I am currently adding a random delay of 5-10 seconds after a bad password to not only slow down, but possibly break the crack mechanism. Along with this I am adding logging of any attempt that gives a bad password and a disconnection scheme that will disconnect the process after 3 bad passwords. Brett L. Hawn
Current thread:
- Not so much a bug as a warning of new brute force attack Brett L. Hawn (Jun 01)
- Re: Not so much a bug as a warning of new brute force attack Paul C Leyland (Jun 03)
- Re: Not so much a bug as a warning of new brute force attack Christopher X. Candreva (Jun 03)
- Re: Not so much a bug as a warning of new brute force attack Richard Ashton (Jun 03)
- Re: Not so much a bug as a warning of new brute force attack Jeremy D. Zawodny (Jun 03)
- Reply from the author of popper at Qualcomm Pete Ashdown (Jun 03)
- Attacks using pop Alan Brown (Jun 03)
- Re: Attacks using pop simes () tcp co uk (Jun 04)
- Re: Attacks using pop Alan Brown (Jun 04)