nanog mailing list archives
Re: gmail security is a joke
From: "Justin M. Streiner" <streiner () cluebyfour org>
Date: Fri, 29 May 2015 12:32:34 -0400 (EDT)
On Thu, 28 May 2015, Rich Kulawiec wrote:
I think this (Bill's) is a very good practice. It's not that difficult to enumerate the name of every pro sports team in the US, the 100 most popular dog names, the 200 most common street names, etc. This attack can be mitigated by limiting attempts...but of course if that's done, then it's possible for an attacker to lock out the real owner by just hammering away constantly using assorted botnet hosts.
There are providers (banks, etc) who will disable an online account thathas had X failed login attempts. While that's good for preventing $bad_guy from continuing to try to brute-force-guess the password, it creates a nominal DoS condition for the legitimate owner who then has to contact the provider and go through their password reset procedure.
In most of the cases I've seen, the provider is not well equipped to block login attempts for $legit_user from whatever address range is doing the brute-forcing (possibly spoofed / botted anyway).
jms
Current thread:
- Re: gmail security is a joke, (continued)
- Re: gmail security is a joke William Herrin (May 28)
- Re: gmail security is a joke Rich Kulawiec (May 28)
- Re: gmail security is a joke Joe Abley (May 28)
- Re: gmail security is a joke Peter Beckman (May 29)
- Re: gmail security is a joke Richo Healey (May 29)
- Re: gmail security is a joke Sander Steffann (May 29)
- Re: gmail security is a joke Barry Shein (May 29)
- Re: gmail security is a joke Valdis . Kletnieks (May 29)
- Re: gmail security is a joke Owen DeLong (May 29)
- Re: gmail security is a joke Jimmy Hess (May 29)
- Re: gmail security is a joke Justin M. Streiner (May 29)
- Re: gmail security is a joke Rich Kulawiec (May 30)
- RE: gmail security is a joke Thijs Stuurman (May 26)
- Re: gmail security is a joke Harald Koch (May 26)
- Re: gmail security is a joke Anil Kumar (May 26)
- Re: gmail security is a joke Valdis . Kletnieks (May 27)
- Re: gmail security is a joke Rafael Possamai (May 27)
- Message not available
- Re: gmail security is a joke Larry Sheldon (May 27)