>From: mark_at_qualcomm.com (Mark Erikson)
>Subject: Re: Not so much a bug as a warning of new brute force attack
> (fwd)
>Cc: "Brett L. Hawn" <blh_at_nol.net>
>Content-Type: text/plain; charset="us-ascii"
>Content-Length: 2744
>
>
> Version 2.2 has some features you might find interesting.
>
> 1) it blocks access to UIDs less than 11 by default.
> 2) if the login fails, it waits 15 seconds and then exits.
> 3) it logs all failed login attempts.
>
> The only other thing I can think of is to add a database which checks
> for a number of failed logins and then disable the account if the number
> is reached.
>
> Now, with APOP one can create a longer pass phrase which will
> be much more difficult to guess, but the password database will be
> independant of the unix account.
>
> qpopper 2.2 can be retrieved from:
>
> <ftp://ftp.qualcomm.com/quest/unix/servers/unix/qpop2.2.tar.Z>
>
> Mark
Received on Jun 03 1996
Intro
