[2676] in bugtraq
brute force
daemon@ATHENA.MIT.EDU (*Hobbit*)
Tue Jun 4 18:45:59 1996
Date: Tue, 4 Jun 1996 08:35:12 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: *Hobbit* <hobbit@avian.org>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
Pop3 isn't the only thing with that problem. Stock rexec, for example, never
logs anything and is another good way to hammer on password guesses from the
outside. [See "rservice.c" to make this easier...] Several other daemons,
particularly the vendor-supplied variety, are similarly lame. That's what tcp
wrappers and logdaemon are for..
_H*
