nanog mailing list archives

Re: Remembering history passwords may be bad, but they are getting worse


From: "Peter Galbavy" <peter.galbavy () knowtion net>
Date: Mon, 28 Jul 2003 07:34:11 +0100


Kevin Day wrote:
The attacks we see now are... well orchestrated. 10-50,000 proxy
servers all making login attempts at once, rather slowly. 10-50 login
attempts per second, each from a different proxy. Still slow enough
per IP that it doesn't hit our threshold for how many bad logins per
IP per hour we allow, but enough attempts that just by trying
seemingly random username/password combinations they get a couple of
successes a day. We've also seen people trying what appear to be
known good username/password combos that were presumably acquired
from other sites that were compromised in some way.

But, in turn, there are at least two distinct aims here;

1. Authorised access; people want free porn.

2. DoS; people object (either "on principle" or by competitors) to the
service you provide, so they want to deny access to others or make it too
expensive to run.

Defending against one usually makes the other easier :(

Peter
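
An added example, not part of the original thread: a sketch of why the per-IP threshold described in the quoted message stays silent while an aggregate check across all sources fires. The thresholds, function names and event tuples `(timestamp, ip, username, success)` are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; tune to real traffic.
PER_IP_LIMIT = 20      # failed logins allowed per IP per hour
FAIL_LIMIT = 100       # site-wide failed logins per window
MIN_SOURCES = 50       # distinct source IPs per window
WINDOW = 60            # seconds

def constructed_events(n_ips=300, tries_per_ip=2, rate=20):
    """Constructed sample: many sources, few failures each, `rate` attempts/sec in total."""
    events = []
    for k in range(n_ips * tries_per_ip):
        i = k % n_ips
        events.append((k / rate, f"10.0.{i // 250}.{i % 250 + 1}", f"user{k}", False))
    return events

def per_ip_offenders(events, limit=PER_IP_LIMIT, window=3600):
    """Per-IP threshold: sources with more than `limit` failures inside `window` seconds."""
    recent, flagged = defaultdict(deque), set()
    for ts, ip, _user, ok in events:
        if ok:
            continue
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window:
            q.popleft()
        if len(q) > limit:
            flagged.add(ip)
    return flagged

def distributed_alerts(events, window=WINDOW, fail_limit=FAIL_LIMIT, min_sources=MIN_SOURCES):
    """Aggregate view: alert when site-wide failures and distinct sources are both high."""
    q, alerts, active = deque(), [], False
    for ts, ip, _user, ok in events:
        if ok:
            continue
        q.append((ts, ip))
        while q[0][0] <= ts - window:
            q.popleft()
        sources = len({src for _, src in q})
        hit = len(q) >= fail_limit and sources >= min_sources
        if hit and not active:          # record only the start of each episode
            alerts.append((ts, len(q), sources))
        active = hit
    return alerts

if __name__ == "__main__":
    ev = constructed_events()
    print("per-IP offenders:", per_ip_offenders(ev))
    print("distributed alerts:", distributed_alerts(ev))
```

The aggregate check only raises an alert; what to do in response is left open, since the reply above points out that defences against one aim can help the other.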

