Preventing a Brute Force or Dictionary Attack: How to Keep the Brutes Away from Your Loot

by Bryan Sullivan
Oct. 2, 2017 1 comment Infosecwriters Apps & Hardening

To understand and then combat a brute force attack, also known as a dictionary attack, we must start by understanding why it might be an appealing tool for a hacker. To a hacker, anything that must be kept under lock and key is probably worth stealing. If your Web site (or a portion of it) requires a user to log in and be authenticated, then the odds are good that a hacker has tried to break into it. In terms of processing power, it is expensive for a Web site to require authentication, so it is usually only required when the site stores valuable private information. Corporate intranet sites can contain confidential data such as project plans and customer lists. E-commerce sites often store users’ email addresses and credit card numbers. Bypassing or evading authentication in order to steal this data is clearly high on a hacker’s priority list, and today’s hackers have a large library of authentication evasion techniques at their disposal.

http://www.infosecwriters.com/Papers/BSullivan_Brute_Force.pdf

Irina Alexandra Negrii 4 months ago

Brute force techniques are used in many fields of the authentication process. FTP servers, web servers and mail servers very often get threatened by attackers. The old technique for mail service brute force is still working, and it can be easily detected by a special signature.