[pubcookie-users] RE: pubcookie-users Digest, Vol 36, Issue 3

[Stephen S. Willey]

Detecting dictionary attacks sounds like a good task for the authentication
back-end server :)

Doesn't really seem like a job for an apache module.  Something watching the
syslog output from the login server and keeping track of failed
authentications seems the simplest.  

steve

> -----Original Message-----
> From: pubcookie-users-bounces at mailman1.u.washington.edu 
> [mailto:pubcookie-users-bounces at mailman1.u.washington.edu] On 
> Behalf Of caleb racey
> Sent: April 15, 2005 02:15
> To: pubcookie-users at u.washington.edu
> Subject: [pubcookie-users] RE: pubcookie-users Digest, Vol 36, Issue 3
> 
> Hi folks
> 
> Have been asked about monitoring pubcookie to ensure that 
> people aren't
> dictionary attacking to try and crack username password stores. Tools
> exist to automate webform submission so it is definitely a 
> possibility.
> 
> Is anyone doing anything about this at present?
> 
> I guess probably the easiest way is to monitor the server logs looking
> for grouped failed login attempts. Does anyone have tools 
> that they use
> to do this?
> 
> I had a look at mod_security (http://www.modsecurity.org/) which while
> impressive for preventing other types of attack doesn't seem to cover
> dictionary attacks on login services.
> 
> Cheers
> 
> Cal
> 
> ########################################
> Caleb Racey, Webteam, ISS
> University of Newcastle upon Tyne
> 
> My mail is aggressively spam filtered.
> If you receive no reply. Resend after 
> removing anything that might look like spam 
> (e.g use plain text, don't write in ALL CAPS) 
> ########################################
> 
> 
> 
> 
> _______________________________________________
> pubcookie-users mailing list
> pubcookie-users at u.washington.edu
> http://mailman1.u.washington.edu/mailman/listinfo/pubcookie-users
>