From Y.Adamopoulos@noc.ntua.gr Wed Jun 5 22:19:02 1996
Received: from melbourne.world.net (melbourne.world.net [198.142.2.1]) by suburbia.net (8.7.4/Proff-950810) with ESMTP id WAA12679 for ; Wed, 5 Jun 1996 22:18:58 +1000
Received: from achilles.noc.ntua.gr (root@achilles.noc.ntua.gr [147.102.222.210]) by melbourne.world.net (8.7.4/8.6.6) with ESMTP id WAA15581 for ; Wed, 5 Jun 1996 22:20:10 +1000 (EST)
Received: by achilles.noc.ntua.gr via NTUAnet with ESMTP id PAA19361 at Wed, 5 Jun 1996 15:13:12 +0300 (EET DST)
Received: by noc.ntua.gr id PAA06377 at Wed, 5 Jun 1996 15:13:09 +0300 (EET DST)
From: Yiorgos Adamopoulos
Message-Id: <199606051213.PAA06377@noc.ntua.gr>
Subject: Re: brute force (fwd)
To: best-of-security@suburbia.net
Date: Wed, 5 Jun 1996 15:13:09 +0300 (EET DST)
Organization: NTUA-NOC, National Technical University of Athens, GREECE
Reply-To: y.adamopoulos@noc.ntua.gr
X-Disclaimer: My opinions do not necessarily represent those of my employer.
X-Home-Address: 7 Elvetias St., Agia Paraskevi GR15342, Athens, GREECE
X-Home-Phone: +30-1-639-4-638
X-Work-Phone: +30-1-772-1-861
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Forwarded message:

From owner-bugtraq@NETSPACE.ORG Wed Jun 5 11:50:05 1996
Approved-By: ALEPH1@UNDERGROUND.ORG
X-Mailer: ELM [version 2.4 PL24 PGP2]
Content-Type: text
Approved-By: Christopher Klaus
Message-ID: <199606041959.PAA26550@phoenix.iss.net>
Date: Tue, 4 Jun 1996 15:59:40 -0400
Reply-To: Bugtraq List
Sender: Bugtraq List
From: Christopher Klaus
Subject: Re: brute force
To: Multiple recipients of list BUGTRAQ
In-Reply-To: <199606041235.IAA07465@narq.avian.org> from "*Hobbit*" at Jun 4, 96 08:35:12 am

> Pop3 isn't the only thing with that problem. Stock rexec, for example, never
> logs anything and is another good way to hammer on password guesses from the
> outside. [See "rservice.c" to make this easier...] Several other daemons,
> particularly the vendor-supplied variety, are similarly lame. That's what tcp
> wrappers and logdaemon are for..

Here are several services we bruteforce attack:

telnetd
rexecd
ftpd
rshd
pop3
filesharing

If you automate a bruteforce attack and do simultaneous connections to speed up the attack, they are all vulnerable to denial of service if inetd quits listening to a port.

You might think that with today's password cracking programs and all, a remote bruteforce attack would be futile. But surprisingly (or maybe not), many machines are wide open with default accounts and accounts gathered from finger/rusers.

Telnetd, rexecd, rshd, rlogind should all be turned off and replaced with a tool like ssh. But even ssh can be bruteforced, it is just a LOT more time consuming since it only allows 1 try per connection and there is quite a bit of time consumed generating the random keys for transferring.

Bruteforce for filesharing for Win95 is probably the most efficient attack in that no logging is done and you can do about 200 password attempts a second remotely.

You can try to bruteforce your own machine with our software at: http://www.iss.net/

--
Yiorgos Adamopoulos adamo@noc.ntua.gr
National Technical University of Athens, NOC
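An added example, not part of either message above: since the stock daemons named in the thread log nothing themselves, the "connect from" lines that tcp wrappers writes to syslog are often the only record, and an automated guessing run with simultaneous connections shows up there as a burst of connections from one source to one daemon. The log lines are constructed in the tcpd syslog style; the year, threshold and window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in the syslog style tcpd writes: "daemon[pid]: connect from host".
SAMPLE_LOG = """\
Jun  5 15:10:01 achilles in.rexecd[2011]: connect from 10.0.0.7
Jun  5 15:10:01 achilles in.rexecd[2012]: connect from 10.0.0.7
Jun  5 15:10:02 achilles in.rexecd[2013]: connect from 10.0.0.7
Jun  5 15:10:02 achilles in.telnetd[2014]: connect from 10.0.0.9
Jun  5 15:10:03 achilles in.rexecd[2015]: connect from 10.0.0.7
Jun  5 15:10:04 achilles in.rexecd[2016]: connect from 10.0.0.7
Jun  5 15:10:40 achilles in.rexecd[2017]: connect from 10.0.0.7
Jun  5 15:11:30 achilles in.telnetd[2018]: connect from 10.0.0.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (?P<daemon>[\w.]+)\[\d+\]: "
    r"connect from (?P<src>\S+)$"
)

def parse(log, year=1996):
    """Yield (timestamp, daemon, source) for each tcpd-style 'connect from' line.
    syslog timestamps carry no year, so one is assumed."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["daemon"], m["src"]

def find_bursts(log, threshold=5, window_s=30):
    """Return {(daemon, source): count} for pairs that reach `threshold`
    connections inside any `window_s`-second sliding window."""
    recent = defaultdict(deque)   # per (daemon, source): timestamps still in the window
    flagged = {}
    for ts, daemon, src in parse(log):
        key = (daemon, src)
        q = recent[key]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:   # drop timestamps that aged out
            q.popleft()
        if len(q) >= threshold and key not in flagged:
            flagged[key] = len(q)
    return flagged
```

With the sample above, the five rexecd connections from 10.0.0.7 within four seconds are flagged, while the two telnetd connections from 10.0.0.9, 88 seconds apart, are not.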