Re: [squid-users] Digest Authentication and Brute Force Attack

From: Mehdi Sarmadi <msarmadi@dont-contact.us>
Date: Thu, 18 May 2006 17:41:06 +0330

Dear Alberto

 I think the right place to look for such notification capability is
the "external authenticator" itself.

On 5/18/06, alberto.avi@gmail.com <alberto.avi@gmail.com> wrote:
> Hello,
>
> I'm using Digest Authentication and H1 hash data (
> H1=hash("userid":"realm":"password") ) are on an LDAP server.
> My external authenticator read userid and realm from stdinput, make an
> ldap search against LDAP server and then return to Squid the H1 hash on
> stdoutput.
>
> Can Squid notify me if the current user authentication go wrong ?
>
> In fact, I think that my Squid 2.5.STABLE10 system is open to brute
> force password attack.
> In this situation in the access.log I see "TCP_DENIED/407" error
> messages but I don't know who is the user under attack.
> I'd like to know the userid under attack to suspend it at LDAP level.
>
> Thank you for your attention.
>
> Alberto.
>
>

-- 
Mehdi Sarmadi
Received on Thu May 18 2006 - 08:11:07 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jun 01 2006 - 12:00:02 MDT