<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;">'a free password audit' LOL!<br><br>--- On <b>Mon, 2/11/09, Arron M Finnon <i><finux@finux.co.uk></i></b> wrote:<br><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"><br>From: Arron M Finnon <finux@finux.co.uk><br>Subject: Re: [dundee] Script Kiddie attack: in which our intrepid heroes nearly die of laughter<br>To: "Tayside Linux User Group" <dundee@lists.lug.org.uk><br>Date: Monday, 2 November, 2009, 4:49 PM<br><br><div id="yiv307182179">
<title></title>
I feel I must add in here, in this particular case I can confirm it is
my belief that this was not an automated attack, due to some key
factors. Such as it being a non-public email address, there not being
any variations in usernames and the delays between the test of each
password. Of course the public facing accounts where not tested, seems
pretty strange to have an automated attack platform not test the
details actually contained within the site being profiled, or for it
not to attack any of Kris's emails either, just to name a few. Of
course it being based from Perth may or may not have anything to do
with it.<br>
<br>
The person in question has a Perth based IP with Virgin Media so will
be stuck with it for sometime. I personally think its a nice accoladed
that someone wanted to give me a free password audit, however it would
have been nice if my permission was asked first.<br>
<br>
As Kris has said we did spend sometime checking various logs, and IDS
reports, so its not a lackadaisical hypothesis that we've jumped to.<br>
<br>
Iain Barnett wrote:
<blockquote type="cite"><br>
<div>
<div>On 1 Nov 2009, at 15:14, Kris Davidson wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">Yeah I mean I assumed a bot or zombie at
first, it just didn't really</font></p>
<p style="margin: 0px;"><font style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-size-adjust: none; font-stretch: normal;" face="Helvetica" size="3">behave like one.</font></p>
</blockquote>
</div>
<br>
<div>It's quite common when writing a spider to put in sleep times
(sometimes random) so that it appears more human, same could easily
(and probably is) done with automated attack scripts too.</div>
<div><br class="webkit-block-placeholder">
</div>
<div>Iain</div>
<div><br class="webkit-block-placeholder">
</div>
<div><br class="webkit-block-placeholder">
</div>
<div><br class="webkit-block-placeholder">
</div>
<pre><hr size="4" width="90%"><br>_______________________________________________<br>dundee GNU/Linux Users Group mailing list<br><a rel="nofollow" class="moz-txt-link-abbreviated" ymailto="mailto:dundee@lists.lug.org.uk" target="_blank" href="/mc/compose?to=dundee@lists.lug.org.uk">dundee@lists.lug.org.uk</a> <a rel="nofollow" class="moz-txt-link-freetext" target="_blank" href="http://dundeelug.org.uk">http://dundeelug.org.uk</a><br><a rel="nofollow" class="moz-txt-link-freetext" target="_blank" href="https://mailman.lug.org.uk/mailman/listinfo/dundee">https://mailman.lug.org.uk/mailman/listinfo/dundee</a><br>Chat on IRC, #tlug on irc.lug.org.uk</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature">-- <br>Arron "finux" Finnon<br><br>Finux.co.uk/blog - Twitter.com/f1nux - facebook.com/finux<br><br>Podcasting for HPR, shows can be found at;<br><a rel="nofollow" class="moz-txt-link-freetext" target="_blank" href="http://hackerpublicradio.org/correspondents.php?hostid=85">http://hackerpublicradio.org/correspondents.php?hostid=85</a><br><br><br><br></pre>
</div><br>-----Inline Attachment Follows-----<br><br><div class="plainMail">_______________________________________________<br>dundee GNU/Linux Users Group mailing list<br><a ymailto="mailto:dundee@lists.lug.org.uk" href="/mc/compose?to=dundee@lists.lug.org.uk">dundee@lists.lug.org.uk</a> <a href="http://dundeelug.org.uk" target="_blank">http://dundeelug.org.uk</a><br><a href="https://mailman.lug.org.uk/mailman/listinfo/dundee" target="_blank">https://mailman.lug.org.uk/mailman/listinfo/dundee</a><br>Chat on IRC, #tlug on irc.lug.org.uk</div></blockquote></td></tr></table><br>