Re: Not so much a bug as a warning of new brute force attack

Stefan Hudson (hudson@mbay.net)
Mon, 3 Jun 1996 09:49:34 -0700

> Using the pop3 mechanism to crack user passwords
>
> Given a file full of usernames and the standard 'dict file' one can
> currently connect to the pop3 daemon and efficiently try passwords for a
> user until the proper one is gotten or one runs out of passwords without any
> noticeable effects on the server. I've tested this method myself using
> several accounts and lots of random crap between valid passwords. A 3
> account userfile with a 20k dictfile took appx 2 minutes to generate the
> passwords for all 3 accounts.
>
> Solution:
>
> Implement random delay times, logging, and disconnection within the pop3
> daemon

qpopper, the POP server from Qualcomm (makers of Eudora for PeeCees) does
a 10 second delay and disconnects on a bad password.  It also logs EVERYTHING
to a file and is very configurable.  We've been using it for a few months
now, and it's worked very well.  See ftp.qualcomm.com:/quest/unix/servers.

--
     /// Stefan Hudson <hudson@mbay.net>
__  /// Senior Network Administrator - Monterey Bay Internet
\\\/// http://www.mbay.net/  -  Email: info@mbay.net
 \XX/ Voice: 408-642-6100  Fax: 408-642-6101  Modem: 408-642-6102
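The following is an added example, not code from either poster and not qpopper's own implementation. It models the USER/PASS exchange in-process (no sockets, and the 10 second penalty advances a simulated clock instead of sleeping) so the two behaviours described above can be compared directly: a daemon that keeps the connection open after a bad PASS, and one that logs the failure, delays, and drops the connection. The account names, wordlist, delay value and class/function names are all constructed for the demo.

```python
"""Simulated POP3 USER/PASS dictionary attack against a naive server and
against a server with delay + log + disconnect on a bad password.
Everything runs in-process: no network, and sleep() only advances a
simulated clock, so the run finishes instantly."""


# Constructed sample data: three accounts and a tiny "dict file".
ACCOUNTS = {"alice": "secret", "bob": "letmein", "carol": "banana"}
WORDLIST = ["password", "123456", "banana", "qwerty", "letmein", "secret"]


class SimClock:
    """Stand-in for wall-clock time: sleep() advances t instead of blocking."""
    def __init__(self):
        self.t = 0.0

    def sleep(self, seconds):
        self.t += seconds


class Pop3Session:
    """One client connection in the POP3 AUTHORIZATION state.

    hardened=False: stay connected after a bad PASS (the behaviour the
    original post exploits).  hardened=True: log the failure, wait `delay`
    seconds and close the connection, as the reply describes qpopper doing.
    """
    def __init__(self, accounts, log, clock, hardened, delay=10.0):
        self.accounts, self.log, self.clock = accounts, log, clock
        self.hardened, self.delay = hardened, delay
        self.user = None
        self.open = True
        self.authenticated = False

    def command(self, line):
        if not self.open:
            raise ConnectionError("connection closed")
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "USER":
            self.user = arg
            return "+OK"
        if verb == "PASS":
            if self.user is None:
                return "-ERR no USER given"
            if self.accounts.get(self.user) == arg:
                self.authenticated = True
                self.log.append(f"login ok user={self.user}")
                return "+OK"
            # Every failure is logged; the hardened server also penalises it.
            self.log.append(f"login failed user={self.user}")
            if self.hardened:
                self.clock.sleep(self.delay)
                self.open = False
                return "-ERR bad password; closing connection"
            self.user = None
            return "-ERR bad password"
        if verb == "QUIT":
            self.open = False
            return "+OK bye"
        return "-ERR unknown command"


def dictionary_attack(accounts, wordlist, hardened, clock, log):
    """Try every word for every user, reconnecting whenever the server drops us.

    Returns (found_passwords, connections_used, simulated_seconds_elapsed)."""
    found, connections = {}, 0
    for user in accounts:
        session = None
        for word in wordlist:
            if session is None or not session.open:
                session = Pop3Session(accounts, log, clock, hardened)
                connections += 1
            session.command(f"USER {user}")
            if session.command(f"PASS {word}").startswith("+OK"):
                found[user] = word
                session.command("QUIT")
                session = None
                break
    return found, connections, clock.t


if __name__ == "__main__":
    for hardened in (False, True):
        log, clock = [], SimClock()
        found, conns, secs = dictionary_attack(ACCOUNTS, WORDLIST, hardened, clock, log)
        print(f"hardened={hardened}: cracked={found} connections={conns} "
              f"elapsed={secs:.0f}s failures_logged="
              f"{sum('failed' in entry for entry in log)}")
```

With the constructed data the naive server gives up all three passwords over three connections and no delay at all; the hardened server yields the same passwords but costs the attacker fourteen connections, eleven logged failures and 110 simulated seconds, which is the difference between an attack that is invisible and one that shows up in the logs and in connection counts. The delay and disconnect raise the cost but do not stop the attack, so logging is the part that makes it detectable.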