[2660] in bugtraq

Re: Not so much a bug as a warning of new brute force attack

daemon@ATHENA.MIT.EDU (Richard Ashton)
Mon Jun 3 14:16:43 1996

Date:         Mon, 3 Jun 1996 16:04:25 +0100
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Richard Ashton <rich@corp.netcom.net.uk>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To:  <Pine.SOL.3.93.960601104727.687A-100000@dazed.nol.net> from
              "Brett L. Hawn" at Jun 1, 96 10:52:28 am

[attack account deleted]

> Solution:
>
> Implement random delay times, logging, and disconnection within the pop3
> daemon
>
> I am currently adding a random delay of 5-10 seconds after a bad password to
> not only slow down, but possibly break the crack mechanism. Along with this
> I am adding logging of any attempt that gives a bad password and a
> disconnection scheme that will disconnect the process after 3 bad passwords.

What's to stop someone opening a new pop3 connection for each guess, thus
avoiding the wait factor and/or process detection you've put in the code?

popper should use syslog to record the IP address of requests and, if you run
it with -d, produce some nice debug information (depending on the version of
popper you have, of course).

--
..Blue         O            "Smoke me a kipper,
  Skies..    //\/            I'll be back for breakfast."
            \/\  ..Must
         ...../    Dash..    Email: rich@corp.netcom.net.uk
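
The reply's point, as an added example that is not part of the original post or of popper: a bad-password limit kept per connection never trips when each guess arrives on a fresh connection, while a counter keyed on the source address does. The thresholds, the window, the class and function names, and the sample events are all assumptions constructed for illustration; the in-memory table stands in for whatever store a daemon would share across its connections.

```python
from collections import defaultdict, deque

MAX_PER_CONN = 3   # the quoted proposal: disconnect after 3 bad passwords
MAX_PER_ADDR = 3   # assumed threshold for the per-address counter
WINDOW = 600       # assumed look-back window, in seconds


class AddressThrottle:
    """Counts bad passwords per source address, across connections."""

    def __init__(self, limit=MAX_PER_ADDR, window=WINDOW):
        self.limit, self.window = limit, window
        self.failures = defaultdict(deque)  # addr -> failure timestamps

    def _recent(self, addr, now):
        q = self.failures[addr]
        while q and now - q[0] > self.window:  # forget failures outside window
            q.popleft()
        return q

    def blocked(self, addr, now):
        return len(self._recent(addr, now)) >= self.limit

    def record_failure(self, addr, now):
        self._recent(addr, now).append(now)


def replay(events, throttle):
    """Replay (time, addr, conn_id) bad-password events.

    Returns (conn_trips, addr_refusals): attempts cut off by the
    per-connection limit, and attempts refused by the per-address throttle.
    """
    per_conn = defaultdict(int)
    conn_trips = addr_refusals = 0
    for now, addr, conn in events:
        per_conn[conn] += 1
        if per_conn[conn] > MAX_PER_CONN:
            conn_trips += 1
        if throttle.blocked(addr, now):
            addr_refusals += 1
        else:
            throttle.record_failure(addr, now)
    return conn_trips, addr_refusals


# Constructed sample: one client, 20 bad passwords, a new connection each time.
RECONNECTING = [(t, "192.0.2.10", f"conn-{t}") for t in range(20)]
# Constructed sample: a user who mistypes twice on a single connection.
TYPO_USER = [(0, "198.51.100.7", "c1"), (5, "198.51.100.7", "c1")]
```

Calling `replay(RECONNECTING, AddressThrottle())` shows the per-connection limit catching nothing while the per-address counter refuses every attempt after the third; the two-typo user is untouched by either.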