It could be both. Perpetrators trying to create a DoS through the use of brute force password guessing. We have seen an increase in the messenger spam, but no DoS. Paul J Carroll Technical Manager University of Pittsburgh Computer Learning Center A Division of the College of General Studies -----Original Message----- From: Nicholas C. Weaver [mailto:nweaverat_private] Sent: Thursday, October 17, 2002 5:17 PM To: incidentsat_private Subject: DoS and Windows Login UC Berkeley runs a fairly open network (*GASP*, no firewall). Lately, many users have been experiencing a minor but annoying DOS attack: The windows system's authentication procedures, after X failed password tries, locks out the account for 30 minutes. Someone or some group is doing large scale password guessing which is resulting in many users being unable to log in in the morning, until this timeout passes. Question: Have those in other universities or other generally open computing environments noticed a similar trend? Is this the work of an attacker trying to brute-force passwords or a deliberate DOS attempt? -- Nicholas C. Weaver nweaverat_private ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Oct 17 2002 - 17:59:06 PDT