Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Detection tool?

From: "Josh Mills" <JMills () cnbwaco com>
Date: Fri, 2 Apr 2004 12:59:26 -0600
this is all great if it is an online brute force attack but this dosent do anything to stop someone from getting the 
password hashes and copying to their usb drive and taking them home and hacking away at them. The brute force attacks 
are esy to stop with effective password and lockout policies.

-----Original Message-----
From: Keenan Smith [mailto:kc_smith () clark net]
Sent: Friday, April 02, 2004 8:05 AM
To: 'David E. Newberger'; security-basics () lists securityfocus com
Subject: RE: Detection tool?


You could turn on auditing or logging of whatever resources are used to
manage the passwords.

A scan of the resulting logs looking for a large number of attempts in a
short period from a single source would give you a basic idea that
something happened.  

Or are you looking for an alarm of some sort that notifies you in real
time?

KC Smith

-----Original Message-----
From: David E. Newberger [mailto:dnewberger () cdatribe-nsn gov] 
Sent: Wednesday, March 31, 2004 4:02 PM
To: security-basics () lists securityfocus com
Subject: Detection tool?


How can someone detect a password cracking tool on a network?

David Newberger

------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: