<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
I feel I must add in here, in this particular case I can confirm it is
my belief that this was not an automated attack, due to some key
factors. Such as it being a non-public email address, there not being
any variations in usernames and the delays between the test of each
password. Of course the public facing accounts where not tested, seems
pretty strange to have an automated attack platform not test the
details actually contained within the site being profiled, or for it
not to attack any of Kris's emails either, just to name a few. Of
course it being based from Perth may or may not have anything to do
with it.<br>
<br>
The person in question has a Perth based IP with Virgin Media so will
be stuck with it for sometime. I personally think its a nice accoladed
that someone wanted to give me a free password audit, however it would
have been nice if my permission was asked first.<br>
<br>
As Kris has said we did spend sometime checking various logs, and IDS
reports, so its not a lackadaisical hypothesis that we've jumped to.<br>
<br>
Iain Barnett wrote:
<blockquote cite="mid:FF0750E5-91AB-482A-BA76-AB2D8A1E224C@gmail.com"
type="cite"><br>
<div>
<div>On 1 Nov 2009, at 15:14, Kris Davidson wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<p style="margin: 0px;"><font
style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;"
face="Helvetica" size="3">Yeah I mean I assumed a bot or zombie at
first, it just didn't really</font></p>
<p style="margin: 0px;"><font
style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;"
face="Helvetica" size="3">behave like one.</font></p>
</blockquote>
</div>
<br>
<div>It's quite common when writing a spider to put in sleep times
(sometimes random) so that it appears more human, same could easily
(and probably is) done with automated attack scripts too.</div>
<div><br class="webkit-block-placeholder">
</div>
<div>Iain</div>
<div><br class="webkit-block-placeholder">
</div>
<div><br class="webkit-block-placeholder">
</div>
<div><br class="webkit-block-placeholder">
</div>
<pre wrap="">
<hr size="4" width="90%">
_______________________________________________
dundee GNU/Linux Users Group mailing list
<a class="moz-txt-link-abbreviated" href="mailto:dundee@lists.lug.org.uk">dundee@lists.lug.org.uk</a> <a class="moz-txt-link-freetext" href="http://dundeelug.org.uk">http://dundeelug.org.uk</a>
<a class="moz-txt-link-freetext" href="https://mailman.lug.org.uk/mailman/listinfo/dundee">https://mailman.lug.org.uk/mailman/listinfo/dundee</a>
Chat on IRC, #tlug on irc.lug.org.uk</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Arron "finux" Finnon
Finux.co.uk/blog - Twitter.com/f1nux - facebook.com/finux
Podcasting for HPR, shows can be found at;
<a class="moz-txt-link-freetext" href="http://hackerpublicradio.org/correspondents.php?hostid=85">http://hackerpublicradio.org/correspondents.php?hostid=85</a>
</pre>
</body>
</html>