Re: intel equipment

[rpc () INETARENA COM (rpc)]

it would be trivial to use random source ip addresses when brute forcing.
i implemented something like this with casl in about 15 minutes.

--rpc <h () ckz org>

On Mon, 20 Mar 2000, jan bakker wrote:

> to protect yourself against brute force atacks
> make a script that makes "dont know" of the firewall with the ip of
> attacker.
>
> success garentead.
> red
>
> > From: Knud Erik Højgaard <kain () EGOTRIP DK>
> > Reply-To: Knud Erik Højgaard <kain () EGOTRIP DK>
> > To: VULN-DEV () SECURITYFOCUS COM
> > Subject: Re: intel equipment
> > Date: Sat, 19 Feb 2000 23:01:59 +0100
> > MIME-Version: 1.0
> > Received: from [207.126.127.68] by hotmail.com (3.2) with ESMTP id
> > MHotMailBA9EDBFE00B8D820F3D2CF7E7F44DD5A0; Sun Mar 19 18:46:28 2000
> > Received: from lists.securityfocus.com (lists.securityfocus.com
> > [207.126.127.68])by lists.securityfocus.com (Postfix) with ESMTPid
> > 5306C1EEC8; Sun, 19 Mar 2000 18:44:11 -0800 (PST)
> > Received: from LISTS.SECURITYFOCUS.COM by LISTS.SECURITYFOCUS.COM
> > (LISTSERV-TCP/IP release 1.8d) with spool id 6389976 for
> > VULN-DEV () LISTS SECURITYFOCUS COM; Sun, 19 Mar 2000 18:44:08 -0800
> > Received: from securityfocus.com (dev.securityfocus.com [207.126.127.78])
> > by          lists.securityfocus.com (Postfix) with SMTP id DDB201EF68 for
> >        <vuln-dev () lists securityfocus com>; Sun, 19 Mar 2000 12:55:50 -0800
> >          (PST)
> > Received: (qmail 24836 invoked by alias); 19 Mar 2000 20:55:09 -0000
> > Received: (qmail 24833 invoked from network); 19 Mar 2000 20:55:09 -0000
> > Received: from fe040.worldonline.dk (212.54.64.205) by
> > dev.securityfocus.com          with SMTP; 19 Mar 2000 20:55:09 -0000
> > Received: (qmail 21573 invoked by uid 0); 19 Mar 2000 20:55:47 -0000
> > Received: from 19.ppp1-30.worldonline.dk (HELO ost) (212.54.92.19) by
> >    fe040.worldonline.dk with SMTP; 19 Mar 2000 20:55:47 -0000
> > From owner-vuln-dev () SECURITYFOCUS COM Sun Mar 19 18:50:22 2000
> > Approved-By: BlueBoar () THIEVCO COM
> > Delivered-To: vuln-dev () lists securityfocus com
> > Delivered-To: VULN-DEV () SECURITYFOCUS COM
> > X-Sender: u135300863 () m1 1353 telia com
> > X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32)
> > Message-ID:  <3.0.6.32.20000219230159.007dacf0 () m1 1353 telia com>
> > Sender: VULN-DEV List <VULN-DEV () SECURITYFOCUS COM>
> > X-To:         davids () WEBMASTER COM
> > X-cc:         VULN-DEV () SECURITYFOCUS COM
> >
> > I was tired when i wrote that other thing..sorry...the idea in my head was
> > disallowing connections from the ip supplying the number of wrong
> > passwords. of course, you could then use wingates or whatever, but anyways
> > it would stop the unlimited number of attempts, since there are only a
> > limited number of insecure wingates out there. On the other hand, an
> > important thing when bruteforcing is speed, and disconnecting the user
> > would slow down the attack considerably. I noticed the Intel router in
> > question was nice enough to let me have two concurrent sessions...i had
> > more thoughts, but im too tired(again). something might pop up later
> >
> > Knud Erik Højgaard
> >
> > At , you wrote:
> > > At 10:06 19-03-00 -0800, you wrote:
> > > > > Knud,
> > > > >
> > > > > AFAIK, all intel switches that have a layer 3 interface come with no
> > > > > default username or password. Also, the snmp community strings are
> > > > > public/private.
> > > > >
> > > > > Sigh.
> > > >
> > > >  Before you configure them, they have no IP adress and can only be
> > remotely
> > > > managed immediately after startup by answering their BOOTP requests. As
> > soon
> > > > as you use the software Intel supplies to configure them, they lock
> > > > management down to the IP address of the management station. They can
> > also
> > > > send out SNMP traps when people connect from unauthorized IP addresses
> > or
> > > > use bad passwords.
> > > >
> > > >  Somebody had to assign that switch an IP address and password but not
> > set
> > > > any limits on what IP addresses could manage it. That's not particularly
> > > > bright.
> > > >
> > > >  As for whether breaking connections after a fixed number of tries is a
> > good
> > > > idea, I don't believe it is. It's no harder to write a program to try
> > 1000
> > > > passwords on one connection than it is to write one to try one password,
> > > > disconnect, and repeat. So how would that provide any protection against
> > > > brute force attacks?
> > > >
> > > >  DS
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com