DoS and Windows Login

• Previous message: Jose Nazario: "Re: Slapper worm "ink" instead of "cinik" (Re: slapper worm varient "cinik")"
• Next in thread: Paul Carroll: "RE: DoS and Windows Login"
• Reply: Paul Carroll: "RE: DoS and Windows Login"
• Reply: Brad Arlt: "Re: DoS and Windows Login"
• Reply: KoRe MeLtDoWn: "Re: DoS and Windows Login"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

UC Berkeley runs a fairly open network (*GASP*, no firewall).

Lately, many users have been experiencing a minor but annoying DOS
attack: The windows system's authentication procedures, after X failed
password tries, locks out the account for 30 minutes.  Someone or some
group is doing large scale password guessing which is resulting in
many users being unable to log in in the morning, until this timeout
passes.

Question:  Have those in other universities or other generally open
computing environments noticed a similar trend?  Is this the work of
an attacker trying to brute-force passwords or a deliberate DOS
attempt?

-- 
Nicholas C. Weaver                                 nweaverat_private

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

• Next message: Johnny Calhoun: "Re: HTTP attack looking for /sumthin ?"
• Previous message: Jose Nazario: "Re: Slapper worm "ink" instead of "cinik" (Re: slapper worm varient "cinik")"
• Next in thread: Paul Carroll: "RE: DoS and Windows Login"
• Reply: Paul Carroll: "RE: DoS and Windows Login"
• Reply: Brad Arlt: "Re: DoS and Windows Login"
• Reply: KoRe MeLtDoWn: "Re: DoS and Windows Login"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Oct 17 2002 - 16:37:21 PDT