Security Incidents mailing list archives
Re: DoS and Windows Login
From: Brad Arlt <arlt () cpsc ucalgary ca>
Date: Thu, 17 Oct 2002 19:40:04 -0600
On Thu, Oct 17, 2002 at 02:16:34PM -0700, Nicholas C. Weaver wrote:
UC Berkeley runs a fairly open network (*GASP*, no firewall). Lately, many users have been experiencing a minor but annoying DOS attack: The windows system's authentication procedures, after X failed password tries, locks out the account for 30 minutes. Someone or some group is doing large scale password guessing which is resulting in many users being unable to log in in the morning, until this timeout passes. Question: Have those in other universities or other generally open computing environments noticed a similar trend? Is this the work of an attacker trying to brute-force passwords or a deliberate DOS attempt?
There has been quite the rash of it on my campus. From what I have seen it is "only" trying to brute-force the passwords. A few of our machines with "unchallanging" Administrator passwords have been turned into DVD movie servers. That lock-outs happen is a side effect. Possibly an amussing side effect (from the crackers point of view), but a side effect non the less. ----------------------------------------------------------------------- __o Bradley Arlt Security Team Lead _ \<_ arlt () cpsc ucalgary ca University Of Calgary (_)/(_) I should be biking right now. Computer Science ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- DoS and Windows Login Nicholas C. Weaver (Oct 17)
- Re: DoS and Windows Login Brad Arlt (Oct 17)
- <Possible follow-ups>
- RE: DoS and Windows Login Paul Carroll (Oct 17)
- Re: DoS and Windows Login KoRe MeLtDoWn (Oct 18)