Re: DoS and Windows Login

[Brad Arlt <arlt () cpsc ucalgary ca>]

On Thu, Oct 17, 2002 at 02:16:34PM -0700, Nicholas C. Weaver wrote:
> UC Berkeley runs a fairly open network (*GASP*, no firewall).
>
> Lately, many users have been experiencing a minor but annoying DOS
> attack: The windows system's authentication procedures, after X failed
> password tries, locks out the account for 30 minutes.  Someone or some
> group is doing large scale password guessing which is resulting in
> many users being unable to log in in the morning, until this timeout
> passes.
>
> Question:  Have those in other universities or other generally open
> computing environments noticed a similar trend?  Is this the work of
> an attacker trying to brute-force passwords or a deliberate DOS
> attempt?

There has been quite the rash of it on my campus.  From what I have
seen it is "only" trying to brute-force the passwords.  A few of our
machines with "unchallanging" Administrator passwords have been turned
into DVD movie servers.

That lock-outs happen is a side effect.  Possibly an amussing side
effect (from the crackers point of view), but a side effect non the
less.
-----------------------------------------------------------------------
   __o          Bradley Arlt                    Security Team Lead
 _ \<_          arlt () cpsc ucalgary ca                University Of Calgary
(_)/(_)         I should be biking right now.   Computer Science


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com