nanog mailing list archives
Re: Remembering history passwords may be bad, but they are getting worse
From: "Peter Galbavy" <peter.galbavy () knowtion net>
Date: Mon, 28 Jul 2003 07:34:11 +0100
Kevin Day wrote:
The attacks we see now are... well orchestrated. 10-50,000 proxy servers all making login attempts at once, rather slowly. 10-50 login attempts per second, each from a different proxy. Still slow enough per IP that it doesn't hit our threshold for how many bad logins per IP per hour we allow, but enough attempts that just by trying seemingly random username/password combinations they get a couple of successes a day. We've also seen people trying what appear to be known good username/password combos that were presumably acquired from other sites that were compromised in some way.
But, in turn, there are at least two distinct aims here; 1. Authorised access; people want free porn. 2. DoS; people object (either "on principal" or by competitors) to the service you provide, so they want to deny access to others or make it too expensive to run. Defending against one usually makes the other easier :( Peter
Current thread:
- Re: User negligence?, (continued)
- Re: User negligence? James H. Cloos Jr. (Jul 27)
- Re: User negligence? JC Dill (Jul 27)
- Re: User negligence? David Lesher (Jul 27)
- Re: User negligence? JC Dill (Jul 27)
- Re: User negligence? Christopher L. Morrow (Jul 27)
- Re: User negligence? Stephen Sprunk (Jul 27)
- Re: User negligence? ken emery (Jul 27)
- Re: User negligence? Peter Galbavy (Jul 28)
- Remembering history passwords may be bad, but they are getting worse Sean Donelan (Jul 27)
- Message not available
- Re: Remembering history passwords may be bad, but they are getting worse Kevin Day (Jul 27)
- Re: Remembering history passwords may be bad, but they are getting worse Peter Galbavy (Jul 27)
- Re: Remembering history passwords may be bad, but they are getting worse Scott Call (Jul 28)
- Learning more about authentication and passwords Sean Donelan (Jul 29)
- Re: Learning more about authentication and passwords Dave Israel (Jul 29)
- Re: Learning more about authentication and passwords Jason Dixon (Jul 29)
- Re: User negligence? Stephen Sprunk (Jul 27)