Submission: IMAP Brute Force the latest script kiddie craze?
flyingfsck writes: Are IMAP password attacks the latest annoyance?
The Nessus toolkit includes THC Hydra (http://www.thc.org/thc-hydra/), a fast, parallelized login brute forcer. I noticed the following in my mail server logs today:
BSN-61-107-201.dial-up.dsl.siol.net[86.61.107.201]
Dec 24 14:27:53 ns imapd[28250]: imap service init from 64.5.44.212
Dec 24 14:27:53 ns imapd[28248]: imap service init from 64.5.44.212
Dec 24 14:27:53 ns imapd[28251]: imap service init from 64.5.44.212
Dec 24 14:27:53 ns imapd[28248]: Command stream end of file, while reading line user=??? host=UNKNOWN
This doesn't bode well for the new year.
A simple fix would be to add a 'sleep(10)' to the IMAP server login routine to discourage brute forcing, but that means I have to get the source code, do some reading and compiling. Thank GNU for open source software though, since without the source I'd be in trouble.
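A detection-side complement to the submission above, as an added example that is not part of the original post: it counts `imap service init` lines per source address in a sliding window and reports sources that open sessions in bursts like the one quoted. The threshold, window length, assumed year, function names and the 192.0.2.10 log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the imapd "service init" syslog lines quoted in the post.
INIT_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ imapd\[\d+\]: "
    r"imap service init from (\d{1,3}(?:\.\d{1,3}){3})$"
)

def parse_time(stamp, year=2000):
    # Syslog timestamps carry no year; the year used here is an assumption.
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def find_bursts(lines, threshold=3, window_s=10):
    """Return {ip: peak session count} for every source that opened at least
    `threshold` IMAP sessions within any `window_s`-second span.
    Lines are expected in chronological order, as syslog writes them."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = INIT_RE.match(line.strip())
        if not m:
            continue              # other imapd messages are not counted here
        when, ip = parse_time(m.group(1)), m.group(2)
        q = recent[ip]
        q.append(when)
        while (when - q[0]).total_seconds() > window_s:
            q.popleft()           # drop sessions that fell out of the window
        if len(q) >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

# The 64.5.44.212 lines are the ones quoted in the post; the 192.0.2.10
# lines are constructed to represent an ordinary client polling its mailbox.
SAMPLE = """\
Dec 24 14:20:01 ns imapd[28101]: imap service init from 192.0.2.10
Dec 24 14:25:30 ns imapd[28190]: imap service init from 192.0.2.10
Dec 24 14:27:53 ns imapd[28250]: imap service init from 64.5.44.212
Dec 24 14:27:53 ns imapd[28248]: imap service init from 64.5.44.212
Dec 24 14:27:53 ns imapd[28251]: imap service init from 64.5.44.212
Dec 24 14:27:53 ns imapd[28248]: Command stream end of file, while reading line user=??? host=UNKNOWN
Dec 24 14:31:02 ns imapd[28300]: imap service init from 192.0.2.10
"""

if __name__ == "__main__":
    for ip, count in find_bursts(SAMPLE.splitlines()).items():
        print(f"{ip}: {count} sessions inside the window")
```

Sources reported this way can be fed to a firewall or rate limiter, which throttles parallel guessing without patching and recompiling the IMAP server.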