Users log on to services such as SSH, FTP, SASL, POP3, IMAP, Apache htaccess, and many more using their names and passwords. These popular access mechanisms are a potential target for brute-force attacks. An attentive bouncer will keep dictionary attacks at bay.
When users are allowed to choose passwords of their own volition, they often choose something fairly weak, like the name of a friend or pet. This predictable human behavior is something that the bad guys relish.
All an attacker needs to do is set up a loop of login attempts that references a dictionary list of passwords. After all, chances are very slight that the user has set up a password like 4G&dP9a! for the account under attack.