Last night nol.net was the recipient of a new brute force password attack
and I thought I'd share with you the attack and my reccomended solution.
The Attack:
Using the pop3 mechanism to crack user passwords
Given a file full of usernames and the standard 'dict file' one can
currently connect to the pop3 daemon and effiecently try passwords for a
user until the proper one is gotten or one runs out of passwords without any
noticeable effects on the server. I've tested this method myself using
several accounts and lots of random crap between valid passwords. A 3
account userfile with a 20k dictfile took appx 2 minutes to generare the
passwords for all 3 accounts.
Solution:
Implement random delay times, logging, and disconnection within the pop3
daemom
I am currently adding a random delay of 5-10 seconds after a bad password to
not only slow down, but possibly break the crack mechanism. Along with this
I am adding logging of any attempt that gives a bad password and a
disconnection scheme that will disconnect the process after 3 bad passwords.
Brett L. Hawn
Received on Jun 03 1996
Intro
