Bugtraq mailing list archives

Re: Not so much a bug as a warning of new brute force attack

From: cdcsegu2 () cdcnet uniandes edu co (Seguridad)
Date: Mon, 3 Jun 1996 21:57:35 +0500


This attack is very old, the problem is that 110 is the only service that
autenticate the logins and password (introduced by user and pass)...
In the net is a program that automate this process called pop3hack, you
just made 2 dictionaries 1 for logins and the other full of common
passwords and u just have to wait.
I think the solution isnt disable this port, the solution is just limit
the number of tries to enter the valid user/password (3 times max)..
because this service is just used to gain access using random entries,
the problem not consist en the autentication, consist en the ilimited
number of tries in conjuntion with the autentication is just like the
login programs in conjuntion with the finger command info.

Efrain Torres
Uniandes
Bogota-Colombia

Current thread:

Re: Strange changes - any ideas?, (continued)
- - - Re: Strange changes - any ideas? Andrew V. Kovalev (Jun 09)
    - Digital Unix, daemons and the SIA authentication library. Paul C Leyland (Jun 10)
    - Re: Strange changes - any ideas? Darren Reed (Jun 10)
    - Vulnerability Database Christopher Klaus (Jun 10)
    - Re: brute force Ze'ev Maor (Jun 04)
    - Re: brute force simes () tcp co uk (Jun 04)
  - Re: Not so much a bug as a warning of new brute force attack Bill Broadley (Jun 03)
  - Re: Not so much a bug as a warning of new brute force attack Brian Tao (Jun 08)
    - Re: Not so much a bug as a warning of new brute force attack Paul D. Robertson (Jun 09)
- Re: Not so much a bug as a warning of new brute force attack Stefan Hudson (Jun 03)
- Re: Not so much a bug as a warning of new brute force attack Seguridad (Jun 03)
- Re: Not so much a bug as a warning of new brute force attack Thomas Roessler (Jun 03)
- Re: Not so much a bug as a warning of new brute force attack Andrew Macpherson (Jun 04)
- Re: Not so much a bug as a warning of new brute force attack John Orthoefer (Jun 04)
- Re: Not so much a bug as a warning of new brute force attack Don Lewis (Jun 04)
- Re: Not so much a bug as a warning of new brute force attack Dave Hayes (Jun 04)
  - Re: Not so much a bug as a warning of new brute force attack Albert Lunde (Jun 04)
- Re: Not so much a bug as a warning of new brute force attack der Mouse (Jun 05)
- Re: Not so much a bug as a warning of new brute force attack der Mouse (Jun 09)
  - Re: Not so much a bug as a warning of new brute force attack Brian Tao (Jun 09)