Focus on Linux
Re: Detecting Brute-Force and Dictionary attacks Nov 08 2006 05:22PM
Sebastiaan Veenstra (sebastiaan veenstra gmail com) (2 replies)
Re: Detecting Brute-Force and Dictionary attacks Nov 10 2006 01:43PM
Cy Schubert (Cy Schubert spqr komquats com)
In message <9555a4b00611080922u79c38d7dl8a7132cb7f299ec2 (at) mail.gmail (dot) com [email concealed]>,
"Seba
stiaan Veenstra" writes:
> Hi,
>
> I didn't read the whole discussion about this issue but I came up with
> an idea which might be usefull to detect brute force attempt. By
> storing the passwords a certain user has used in the past along with
> the current password you could be able to compare to password (by
> pattern matching) used at the login attempts with the passwords list.
> If the password used differs significantly (this excludes typos) from
> the entries in the password list, there could be a possible brute
> force attempt. The reason for storing the previous passwords is that
> people tend to use every password they've used in the past when they
> forgot their password. Maybe this idea can be used along with the
> other methods of detecting brute force attempts. Anyway, it's just a
> random thought.

In many jurisdictions this would be an invasion of privacy and against the
law. Not only that but a security exposure too. For example, people tend to
use similar passwords, even the same passwords for various applications and
machines. Once a sysadmin knows someone's password the victim could be
impersonated without detection. Whereas su commands, access to Oracle
databases, and other services the sysadmin would not normally have access
to would require work on the part of the sysadmin to gain entry into and
these attempts would surely be logged and hopefully detected. Logging
people's passwords is a bad idea.

--
Cheers,
Cy Schubert <Cy.Schubert (at) komquats (dot) com [email concealed]>
Web: http://www.komquats.com and http://www.bcbodybuilder.com
FreeBSD UNIX: <cy (at) FreeBSD (dot) org [email concealed]> Web: http://www.FreeBSD.org
BC Government: <Cy.Schubert (at) gov.bc (dot) ca [email concealed]>

"Lift long enough and I believe arrogance is replaced by
humility and fear by courage and selfishness by generosity
and rudeness by compassion and caring."
-- Dave Draper

[ reply ]
Re: Detecting Brute-Force and Dictionary attacks Nov 09 2006 06:45PM
fabio (ctrlaltca libero it) (2 replies)
Re: Detecting Brute-Force and Dictionary attacks Nov 11 2006 04:19PM
Christian Jonassen (flyrev gmail com) (1 replies)
Re: Detecting Brute-Force and Dictionary attacks Nov 13 2006 07:35PM
Esteban RibičiÄ? (kisero gmail com)
Re: Detecting Brute-Force and Dictionary attacks Nov 10 2006 11:41PM
Greg Metcalfe (metcalfegreg qwest net) (1 replies)
Re: Detecting Brute-Force and Dictionary attacks Nov 13 2006 08:46PM
John Hall (silo xptr net)


 

Privacy Statement
Copyright 2010, SecurityFocus