Bugtraq mailing list archives

Re: brute force


From: cklaus () ISS NET (Christopher Klaus)
Date: Tue, 4 Jun 1996 15:59:40 -0400



Pop3 isn't the only thing with that problem.  Stock rexec, for example, never
logs anything and is another good way to hammer on password guesses from the
outside.  [See "rservice.c" to make this easier...]  Several other daemons,
particularly the vendor-supplied variety, are similarly lame.  That's what tcp
wrappers and logdaemon are for.

Here are several services we bruteforce attack:

telnetd
rexecd
ftpd
rshd
pop3
filesharing

If you automate a bruteforce attack and do simultaneous connections to speed
up the attack, they are all vulnerable to denial of service if inetd quits
listening to a port.

You might think that with today's password cracking programs and all, a
remote bruteforce attack would be futile.  But surprisingly (or maybe not)
how many machines are wide open with default accounts and accounts gathered
from finger/rusers.

Telnetd, rexecd, rshd, rlogind should all be turned off and replaced with
a tool like ssh.   But even ssh can be bruteforced; it is just a LOT more
time consuming since it only allows 1 try per connection and there is
quite a bit of time consumed generating the random keys for transferring.

Bruteforce for Filesharing for Win95 is probably the most
efficient attack in that no logging is done and you can do about
200 password attempts a second remotely.

You can try to bruteforce your own machine with our software at:

        http://www.iss.net/
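
The post's point is that most of these daemons log nothing, so a guessing run goes unnoticed, and that the same run fired in parallel can knock inetd off a port.  The script below is an added example, not part of the original post or of ISS's software: it reads syslog-style lines of the kind tcp_wrappers ("connect from") and a login daemon ("FAILED LOGIN ... FROM ... FOR ...") produce, and flags a source that piles up failed logins inside a short window (the sweep through guest/root/demo-style default accounts) and a source that opens many connections in the same second (the simultaneous-connection pattern).  The log lines, hostnames, addresses, thresholds and message formats are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed syslog-style sample lines in the shape tcp_wrappers and a login
# daemon emit.  They are made up for this example, not taken from the post.
SAMPLE_LOG = (
    "Jun  4 15:40:10 host login[150]: FAILED LOGIN 1 FROM 192.168.1.20 FOR alice\n"
    "Jun  4 15:58:29 host in.telnetd[198]: connect from 192.168.1.20\n"
    "Jun  4 15:58:30 host login[199]: FAILED LOGIN 1 FROM 192.168.1.20 FOR alice\n"
    "Jun  4 15:59:01 host login[202]: FAILED LOGIN 1 FROM 10.0.0.5 FOR guest\n"
    "Jun  4 15:59:02 host login[203]: FAILED LOGIN 1 FROM 10.0.0.5 FOR root\n"
    "Jun  4 15:59:03 host login[204]: FAILED LOGIN 1 FROM 10.0.0.5 FOR demo\n"
    "Jun  4 15:59:05 host login[205]: FAILED LOGIN 1 FROM 10.0.0.5 FOR ftp\n"
    "Jun  4 15:59:06 host login[206]: FAILED LOGIN 1 FROM 10.0.0.5 FOR admin\n"
    "Jun  4 15:59:08 host login[207]: FAILED LOGIN 1 FROM 10.0.0.5 FOR guest\n"
) + "".join(
    # twelve rexec connections from one source in the same second (constructed)
    f"Jun  4 16:00:00 host in.rexecd[{300 + i}]: connect from 10.0.0.5\n"
    for i in range(12)
)

# "Mon DD HH:MM:SS host prog[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[\w./-]+)\[\d+\]: (?P<msg>.*)$"
)
FAIL_RE = re.compile(r"FAILED LOGIN \d+ FROM (?P<src>\S+) FOR (?P<user>\S+)")
CONN_RE = re.compile(r"connect from (?P<src>\S+)")


def parse_line(line):
    """Return (timestamp, kind, source, user) for a failed-login or
    connect line, or None for anything else.  Syslog lines carry no year,
    so the parsed timestamps are only used for differences."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    msg = m.group("msg")
    f = FAIL_RE.search(msg)
    if f:
        return ts, "fail", f.group("src"), f.group("user")
    c = CONN_RE.search(msg)
    if c:
        return ts, "conn", c.group("src"), None
    return None


def sliding_window_peaks(events, window_seconds):
    """events: (timestamp, source) pairs.  Returns, per source, the largest
    number of events that fell inside any window of window_seconds."""
    events = sorted(events, key=lambda e: e[0])
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for ts, src in events:
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()          # drop events that aged out of the window
        peak[src] = max(peak[src], len(q))
    return dict(peak)


def detect_bruteforce(log_text, window_seconds=60, fail_threshold=5):
    """Flag sources with >= fail_threshold failed logins inside window_seconds,
    and report which account names each source tried."""
    fails, users = [], defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev[1] == "fail":
            ts, _, src, user = ev
            fails.append((ts, src))
            users[src].add(user)
    peaks = sliding_window_peaks(fails, window_seconds)
    return {
        src: {
            "peak_failures": n,
            "users_tried": sorted(users[src]),
            "flagged": n >= fail_threshold,
        }
        for src, n in peaks.items()
    }


def detect_connection_flood(log_text, window_seconds=1, conn_threshold=10):
    """Return sources that opened >= conn_threshold connections within
    window_seconds, the burst that can leave inetd no longer listening."""
    conns = [
        (ev[0], ev[2])
        for ev in map(parse_line, log_text.splitlines())
        if ev and ev[1] == "conn"
    ]
    peaks = sliding_window_peaks(conns, window_seconds)
    return {src: n for src, n in peaks.items() if n >= conn_threshold}


if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_LOG).items():
        print(src, info)
    print("connection floods:", detect_connection_flood(SAMPLE_LOG))
```

The thresholds are deliberately loose; the interesting signal in the sample is not the count alone but the spread of account names from one source, which is what a finger/rusers-fed guessing run looks like in a log, as opposed to one user mistyping a password twice twenty minutes apart.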


