Vulnerability Development mailing list archives
Re: Intel Corporation, Express 550F Switch unlimited password attempts]
From: courcoul () CAMPUS QRO ITESM MX (Juan M. Courcoul)
Date: Thu, 23 Mar 2000 09:12:38 -0600
On Mon, 20 Mar 2000, Dustin D. Trammell wrote:
> David Schwartz wrote:
> > As for whether breaking connections after a fixed number of tries is a good idea, I don't believe it is. It's no harder to write a program to try 1000 passwords on one connection than it is to write one to try one password, disconnect, and repeat. So how would that provide any protection against brute force attacks?
>
> It doesn't, although it does increase the amount of time it takes for the brute force attack to be successful, which can be a deterring factor when you have, say, a slower network link and are forced to connect/disconnect for every password attempt.
I remember that in some older systems (VM/370 and VM/SP had this, I'm almost certain), this type of deterrent was coupled with an exponential backoff timer, so that after the first disconnect due to bad auth, it would take say 10 seconds to allow a retry, the second time around it would take 20 seconds, the third, 30 and so on up to some set limit like 5-10 minutes. After a short while it would become chronologically unfeasible to try a brute-force password guessing stint on such a system, or at least it gives the good guys more time to detect the attack and take countermeasures before penetration. The timer would reset after the first correct auth or after some adjustable period of time like an hour or so.

Naturally, this opens the door to another type of annoying DoS attack (do this on root/admin/supervisor/whatever the head honcho is/ and watch the aforementioned party tear hair out...), but at least the bad guys have it tough too.

J. Courcoul                     courcoul () campus qro itesm mx
Servicios Computacionales       Directo (4) 238-3181
ITESM Campus Queretaro          Secretaria (4) 238-3175
Queretaro, Qro. Mexico          Sky (800) 723-4500 PIN 5597110
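An added illustration of the retry-delay scheme described in the message above. This is example code written for this archive page; it is not from the original post, from the Intel switch, or from VM/370. It implements the schedule as the post describes it (10 s after the first failed connection, 20 s after the second, 30 s after the third, capped at 10 minutes), with the counter cleared by a correct login or by an hour without failures. Keying the state on (source address, account) rather than on the account alone is this example's own choice, made so that the DoS the post mentions (hammering the administrator account) only locks out the source doing the hammering; the FakeClock and the 203.0.113.5 address are constructed for the simulation.

```python
import time
from dataclasses import dataclass

# Schedule from the post: base * n seconds after the n-th consecutive failure,
# capped.  Replacing base * n with base * 2 ** (n - 1) gives a doubling schedule.
BASE_DELAY = 10.0     # seconds after the first failure
MAX_DELAY = 600.0     # cap: 10 minutes
RESET_AFTER = 3600.0  # forget the failure count after an idle hour


@dataclass
class _State:
    failures: int = 0        # consecutive failed attempts
    last_failure: float = 0  # clock reading of the most recent failure
    allowed_at: float = 0    # clock reading at which the next attempt may be made


class BackoffLimiter:
    """Per-(source, account) retry delay for failed authentication."""

    def __init__(self, base=BASE_DELAY, cap=MAX_DELAY,
                 reset_after=RESET_AFTER, clock=time.monotonic):
        self.base, self.cap, self.reset_after = base, cap, reset_after
        self.clock = clock          # injectable so a simulation can use a fake clock
        self._states = {}

    def delay_for(self, failures):
        """Seconds to wait after `failures` consecutive bad attempts."""
        return min(self.base * failures, self.cap)

    def _state(self, key):
        st = self._states.setdefault(key, _State())
        # Idle reset: an hour with no further failures clears the counter.
        if st.failures and self.clock() - st.last_failure >= self.reset_after:
            self._states[key] = st = _State()
        return st

    def retry_after(self, source, account):
        """Seconds the caller must still wait before another attempt (0.0 = now)."""
        st = self._state((source, account))
        return max(0.0, st.allowed_at - self.clock())

    def record_failure(self, source, account):
        """Register a bad password; returns the delay imposed by this failure."""
        st = self._state((source, account))
        now = self.clock()
        st.failures += 1
        st.last_failure = now
        st.allowed_at = now + self.delay_for(st.failures)
        return st.allowed_at - now

    def record_success(self, source, account):
        """A correct login clears the counter, as in the post."""
        self._states.pop((source, account), None)

    def attempt(self, source, account, password, check):
        """Gate one login: refuse during the backoff window, else verify and record.

        Returns (authenticated, seconds_until_next_attempt_allowed)."""
        wait = self.retry_after(source, account)
        if wait > 0:
            return False, wait
        if check(account, password):
            self.record_success(source, account)
            return True, 0.0
        return False, self.record_failure(source, account)


class FakeClock:
    """Constructed clock so the brute-force cost can be simulated instantly."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def brute_force_cost(guesses, **limiter_kwargs):
    """Fake-clock seconds at which an attacker who always waits out the backoff
    gets to submit wrong guess number `guesses` against one account."""
    clock = FakeClock()
    lim = BackoffLimiter(clock=clock, **limiter_kwargs)
    src, acct = "203.0.113.5", "root"  # constructed attacker address / target
    for _ in range(guesses):
        clock.advance(lim.retry_after(src, acct))  # wait out the current delay
        ok, _ = lim.attempt(src, acct, "wrong", lambda a, p: False)
        assert not ok
    return clock.t


if __name__ == "__main__":
    print("100th wrong guess lands at t =", brute_force_cost(100), "s")
```

With the post's numbers, the 100th wrong guess cannot be submitted until about 11.6 hours after the first one (41,700 s on the fake clock), against essentially zero for a device that allows unlimited attempts on a single connection; the delays top out at the cap after the 60th failure, so the cap, not the growth rate, decides the long-run guess rate.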
Current thread:
- Re: Intel Corporation, Express 550F Switch unlimited password attempts] Dustin D. Trammell (Mar 20)
- Re: Intel Corporation, Express 550F Switch unlimited password attempts] Juan M. Courcoul (Mar 23)
- Novell Netware Copy first Last (Mar 23)
- local security workaround through IE Knud Erik Højgaard (Feb 24)
- Re: local security workaround through IE thegreencow (Mar 24)
- Re: local security workaround through IE Blue Boar (Mar 24)
- Re: local security workaround through IE Knud Erik Højgaard (Feb 25)
- local security workaround through IE Knud Erik Højgaard (Feb 24)
- Re: Novell Netware Copy Richard Beels (Mar 24)
- Ehmm..in reagards to the con\con-problem, and ftp-servers Odd Arne Beck (Mar 24)
- Re: Novell Netware Copy Bob Fiero (Mar 24)
- Re: Novell Netware Copy Bluefish (Mar 25)
- <Possible follow-ups>
- Re: Intel Corporation, Express 550F Switch unlimited password attempts] Dustin D. Trammell (Mar 24)