RE: DoS and Windows Login

[Paul Carroll <PaulC () CLC PITT EDU>]

It could be both.  Perpetrators trying to create a DoS through the use of
brute force password guessing.  

We have seen an increase in the messenger spam, but no DoS.  

Paul J Carroll
Technical Manager
University of Pittsburgh
Computer Learning Center
A Division of the College of General Studies

-----Original Message-----
From: Nicholas C. Weaver [mailto:nweaver () CS Berkeley EDU] 
Sent: Thursday, October 17, 2002 5:17 PM
To: incidents () securityfocus com
Subject: DoS and Windows Login

UC Berkeley runs a fairly open network (*GASP*, no firewall).

Lately, many users have been experiencing a minor but annoying DOS
attack: The windows system's authentication procedures, after X failed
password tries, locks out the account for 30 minutes.  Someone or some
group is doing large scale password guessing which is resulting in
many users being unable to log in in the morning, until this timeout
passes.

Question:  Have those in other universities or other generally open
computing environments noticed a similar trend?  Is this the work of
an attacker trying to brute-force passwords or a deliberate DOS
attempt?

-- 
Nicholas C. Weaver                                 nweaver () cs berkeley edu

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com