North American Network Operators Group

Re: Remembering history passwords may be bad, but they are getting worse

  • From: Peter Galbavy
  • Date: Mon Jul 28 02:35:24 2003

Kevin Day wrote:
> The attacks we see now are... well orchestrated. 10-50,000 proxy
> servers all making login attempts at once, rather slowly. 10-50 login
> attempts per second, each from a different proxy. Still slow enough
> per IP that it doesn't hit our threshold for how many bad logins per
> IP per hour we allow, but enough attempts that just by trying
> seemingly random username/password combinations they get a couple of
> successes a day. We've also seen people trying what appear to be
> known good username/password combos that were presumably acquired
> from other sites that were compromised in some way.

But, in turn, there are at least two distinct aims here:

1. Authorised access; people want free porn.

2. DoS; people object (either "on principle" or by competitors) to the
service you provide, so they want to deny access to others or make it too
expensive to run.

Defending against one usually makes the other easier :(
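
The pattern described in the quoted message, where every proxy stays under the per-IP limit while the site-wide failure rate is high, shows up when failed logins are counted per time window across all sources. The Python below is an added example and not part of the original thread; the thresholds, the event tuple layout and the sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

PER_IP_HOURLY_LIMIT = 20      # assumed per-IP bad-login threshold
WINDOW_SECONDS = 60           # assumed aggregation window
MAX_FAILS_PER_WINDOW = 300    # assumed ceiling for normal site-wide failures
MIN_DISTINCT_IP_RATIO = 0.9   # assumed: nearly every failure from a new IP

# An event is (unix_seconds, source_ip, username, success).

def per_ip_offenders(events):
    """Per-IP control: IPs whose failed logins exceed the hourly limit.
    Assumes the events passed in span at most one hour."""
    fails = Counter(ip for _, ip, _, ok in events if not ok)
    return {ip for ip, n in fails.items() if n > PER_IP_HOURLY_LIMIT}

def distributed_windows(events):
    """Windows where failures are high in aggregate but spread thinly
    across many source IPs, which the per-IP control cannot see."""
    buckets = defaultdict(list)
    for ts, ip, _, ok in events:
        if not ok:
            buckets[ts // WINDOW_SECONDS].append(ip)
    flagged = []
    for window, ips in sorted(buckets.items()):
        spread = len(set(ips)) / len(ips)
        if len(ips) > MAX_FAILS_PER_WINDOW and spread >= MIN_DISTINCT_IP_RATIO:
            flagged.append(window)
    return flagged

def build_sample():
    """Constructed data: 10 minutes of 20 failed logins per second, each
    from a different address, plus 20 minutes of light ordinary failures."""
    events = []
    for sec in range(600):
        for k in range(20):
            n = sec * 20 + k
            ip = f"10.{(n >> 16) & 255}.{(n >> 8) & 255}.{n & 255}"
            events.append((sec, ip, f"user{n % 5000}", False))
    for i, sec in enumerate(range(0, 1200, 30)):
        events.append((sec, f"192.0.2.{i % 5 + 1}", "alice", False))
    return events

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP offenders:", per_ip_offenders(sample))
    print("flagged windows:", distributed_windows(sample))
```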