Bugtraq mailing list archives

Reply from the author of popper at Qualcomm


From: pashdown () xmission com (Pete Ashdown)
Date: Mon, 3 Jun 1996 13:35:23 -0600


From: mark () qualcomm com (Mark Erikson)
Subject: Re: Not so much a bug as a warning of new brute force attack
 (fwd)
Cc: "Brett L. Hawn" <blh () nol net>


       Version 2.2 has some features you might find interesting.

       1) it blocks access to UIDs less than 11 by default.
       2) if the login fails, it waits 15 seconds and then exits.
       3) it logs all failed login attempts.

       The only other thing I can think of is to add a database which checks
   for a number of failed logins and then disables the account if the number
   is reached.

       Now, with APOP one can create a longer pass phrase which will
   be much more difficult to guess, but the password database will be
   independent of the unix account.

       qpopper 2.2 can be retrieved from:

       <ftp://ftp.qualcomm.com/quest/unix/servers/unix/qpop2.2.tar.Z>

                                                                    Mark
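
The UID floor from item 1 and the failed-login counter proposed in the message, sketched together as an added example; this is not qpopper code and not from the original message. The function names, the threshold of 5, and the in-memory table standing in for the "database" are all assumptions.

```c
#include <string.h>

#define MIN_UID      11  /* from the message: UIDs below 11 are refused */
#define MAX_FAILURES 5   /* assumed threshold; the message gives no number */
#define MAX_ACCOUNTS 64  /* assumed size of the in-memory stand-in table */

enum verdict { ALLOW, DENY_LOW_UID, DENY_LOCKED };

struct entry { char user[32]; int failures; };
static struct entry table[MAX_ACCOUNTS];
static int n_entries;

/* Find the counter for a user; optionally create it on first sight.
 * Over-long names are never stored, so they cannot fill the table. */
static struct entry *lookup(const char *user, int create)
{
    for (int i = 0; i < n_entries; i++)
        if (strcmp(table[i].user, user) == 0)
            return &table[i];
    if (!create || n_entries == MAX_ACCOUNTS ||
        strlen(user) >= sizeof table[0].user)
        return NULL;
    struct entry *e = &table[n_entries++];
    strcpy(e->user, user);   /* length checked above */
    return e;
}

/* Run before the password check: refuse low UIDs and disabled accounts. */
enum verdict pre_auth(const char *user, long uid)
{
    if (uid < MIN_UID)
        return DENY_LOW_UID;
    struct entry *e = lookup(user, 0);
    return (e && e->failures >= MAX_FAILURES) ? DENY_LOCKED : ALLOW;
}

/* Run after the password check: count a failure or reset on success.
 * Returns the stored count, or -1 if nothing could be recorded
 * (the caller should then fail closed). */
int post_auth(const char *user, int success)
{
    struct entry *e = lookup(user, 1);
    if (!e)
        return -1;
    e->failures = success ? 0 : e->failures + 1;
    return e->failures;
}
```

Because the counter disables an account on failures alone, anyone who knows a user name can lock its owner out, so a deployment needs an administrator reset or an expiry on the count.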


