[2668] in bugtraq
Re: Not so much a bug as a warning of new brute force attack
daemon@ATHENA.MIT.EDU (Jeremy D. Zawodny)
Mon Jun 3 21:21:39 1996
Date: Mon, 3 Jun 1996 14:46:04 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: "Jeremy D. Zawodny" <jzawodn@cs.bgsu.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <199606031504.QAA28994@corp.netcom.net.uk>
On Mon, 3 Jun 1996, Richard Ashton wrote:
> What's to stop someone opening a new pop3 connection for each guess, thus
> avoiding the wait factor and/or process detection you've put in the code?
The time overhead, I'd assume. I know that if I had *my* choice of
attacking two machines, and one was known to disconnect after each failed
attempt, I'd use the other.
Besides, you (as an attacker) might be going through some pains to 'cover
your tracks' on the network, so openeing several million connections
might be undesired.
> popper should use syslog to record the IP address of requests and if you run
> it with -d produce some nice debug information (depending on the version of
> popper you have of course).
Agreed. All daemons that do any sort of authentication should have this
as an option (and maybe even default behavior).
Alas, there are always tcpwrappers...
Jeremy
------------------------------------------------------------------------------
<A HREF="http://www.bgsu.edu/~jzawodn">Jeremy Zawodny, jzawodn@cs.bgsu.edu</A>
Computer Science Undergraduate * Computer Consultant * Web Worker for Hire
"Argue your limitations, and they're yours." -- Richard Bach
