[2657] in bugtraq
Re: Not so much a bug as a warning of new brute force attack
daemon@ATHENA.MIT.EDU (Thomas Roessler)
Mon Jun 3 13:44:27 1996
Date: Mon, 3 Jun 1996 14:09:01 +0200
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Thomas Roessler <roessler@sobolev.rhein.de>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In bugraq, Brett L. Hawn writes:
>Last night nol.net was the recipient of a new brute force password attack
>and I thought I'd share with you the attack and my reccomended solution.
>The Attack:
>Using the pop3 mechanism to crack user passwords
Nice, indeed. :-> Another daemon which is just perfectly suited for
this attack is pcnfsd - its main purpose is checking passwords. We had
to hack it up before (having to) use it on one of our servers about a
year ago.
tlr
