Reply from the author of popper at Qualcomm

Pete Ashdown (pashdown@xmission.com)
Mon, 3 Jun 1996 13:35:23 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Seguridad: "Re: Not so much a bug as a warning of new brute force attack"
Previous message: Jeremy D. Zawodny: "Re: Not so much a bug as a warning of new brute force attack"
Next in thread: Alan Brown: "Attacks using pop"

>From: mark@qualcomm.com (Mark Erikson)
>Subject: Re: Not so much a bug as a warning of new brute force attack
>  (fwd)
>Cc: "Brett L. Hawn" <blh@nol.net>
>Content-Type: text/plain; charset="us-ascii"
>Content-Length: 2744
>
>
>        Version 2.2 has some features you might find interesting.
>
>        1) it blocks access to UIDs less than 11 by default.
>        2) if the login fails, it waits 15 seconds and then exits.
>        3) it logs all failed login attempts.
>
>        The only other thing I can think of is to add a database which checks
>    for a number of failed logins and then disable the account if the number
>    is reached.
>
>        Now, with APOP one can create a longer pass phrase which will
>    be much more difficult to guess, but the password database will be
>    independant of the unix account.
>
>        qpopper 2.2 can be retrieved from:
>
>        <ftp://ftp.qualcomm.com/quest/unix/servers/unix/qpop2.2.tar.Z>
>
>                                                                     Mark

Next message: Seguridad: "Re: Not so much a bug as a warning of new brute force attack"
Previous message: Jeremy D. Zawodny: "Re: Not so much a bug as a warning of new brute force attack"
Next in thread: Alan Brown: "Attacks using pop"