Re: Brute force attacks



Brute force attack are common. I get tons of them every day. There is
not much you can do.

saqib
http://www.full-disk-encryption.net

On 5/31/07, Mohamad Mneimneh <Mohamad.Mneimneh@xxxxxxxxxxxx> wrote:
Hi List,

I've been experiencing brute force dictionary attacks from various
sources against my gateway. The attacker is trying all kinds of
username/password combinations to get in.

I have traced the source IP addresses on internet authorities such as
Ripe, Arin & Apnic; the feedback I get is that "Country is really world
wide". I then traced the IPs using visual route, and saw that their
locations vary widely; some of them are in the US, some in China, others
in Poland...

What are my options in such a case? Have you ever experienced such a
behavior? And what are the best practices that apply?

Thank you,

-Mohamad.



--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net



Relevant Pages

  • Re: Strong Passwords & Password Cracking (Final Version?)
    ... >> I would have to disagree with a number of your assumptions. ... >> or uses a common name. ... Strong passwords basically forces a brute force ... >> attack. ...
    (comp.security.misc)
  • Re: More on RC4/n
    ... >unreasonably long streams of RC4/5 in a couple hours and long streams ... >extending a current guess (gather.c was used to gather statistics on ... >2^^121 value guesses that standard brute force would require. ... >I don't know if this attack could be extended to RC4/6. ...
    (sci.crypt)
  • Re: Hacked Passwords
    ... But Windows authentication is quite venerable by now, and it's hard for me to imagine a new kind of attack against them. ... The main attack against Windows authentication isn't an exploit of any flaw in the cryptographic algorithm, but simple brute force guessing, comparison and retrying. ... take a significant amount of time to brute force crack [as long as they are not split into smaller 7-character LM Hash segments], and I believe it's prohibitively difficult for pre-compiled hash tables to scale up that high. ...
    (microsoft.public.security)
  • Re: Creating a Password
    ... >> 1) A dictionary attack tries every word, number, or combination of such ... > Brute force is guessing, ie a webbased email account. ... Commonly used passphrases. ...
    (alt.computer.security)
  • Re: Creating a Password
    ... >> 1) A dictionary attack tries every word, number, or combination of such ... > Brute force is guessing, ie a webbased email account. ... Commonly used passphrases. ...
    (microsoft.public.security)