Preventing Dictionary Attacks

    Does anyone have some good techniques for blocking dictionary attacks at an ASP level? For example, using a random word confirmation before accepting a submission.

    There are various ways... can reduce the chance of an automated attack, including a dictionary attack, to be successful.

    1. Delay the login

    You can introduce an artificial delay before (or after) validating the username and password. This means the automated attack will take a lot longer to go through the various username/password combinations.

    2. Create a GIF (JPEG) with random numbers/letters

    Some sites require you to enter a combination of numbers and letters that are shown in an image (GIF or JPEG). Don't just put the random numbers/letters into the HTML as plain text, because an automated system could extract those from the page and thus work around the protection mechanism.

    3. Check the IP address of the user

    If you find that the same IP address is trying to enter your secure area, block this IP address for a certain time, before it can try again to log in. Again, this delays the automated attacker.

    4. Give users a random username and/or password

    To prevent dictionary attacks, force your users to have difficult-to-guess usernames and passwords. Combinations of letters, digits and other characters are good, provided you mix all types of characters up. For example "a6&bb&7/j" is good, but "abbj67&&/" isn't so good, even though the letters and digits are the same.

    5. Force users to log in from the same IP address

    In some situations you may be able to link a user to a particular IP address (or a number of IP addresses). This way you can check not only that the username and password are correct, but that the login attempt is coming from a specific IP address.

    I guess there may be other ways, but those are the most commonly used ones.

    Oliver.
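
Items 1 and 3 of the reply above (delay the login, block a repeating IP address for a while) combined into one throttle, as an added example that is not part of the original post. It is written in Python to show the logic an ASP login handler would follow; the class, the thresholds and the `verify` callback are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Per-IP failure tracking: growing delay (item 1) plus a timed block (item 3)."""

    def __init__(self, max_failures=5, window=300, block_for=900,
                 base_delay=1.0, max_delay=8.0):  # illustrative thresholds, in seconds
        self.max_failures, self.window, self.block_for = max_failures, window, block_for
        self.base_delay, self.max_delay = base_delay, max_delay
        self._failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self._blocked_until = {}             # ip -> time at which the block expires

    def retry_after(self, ip, now=None):
        """Seconds this IP must still wait before it may try again (0 = allowed)."""
        now = time.time() if now is None else now
        until = self._blocked_until.get(ip, 0)
        if until <= now:
            self._blocked_until.pop(ip, None)
            return 0
        return until - now

    def record_failure(self, ip, now=None):
        """Record a failed login and return the delay to apply before answering."""
        now = time.time() if now is None else now
        recent = self._failures[ip]
        recent.append(now)
        # Failures only age out with time; a successful login does not reset
        # them, so one valid account cannot be used to clear the counter.
        while recent and recent[0] <= now - self.window:
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._blocked_until[ip] = now + self.block_for
            recent.clear()
            return self.max_delay
        return min(self.base_delay * 2 ** (len(recent) - 1), self.max_delay)


def attempt_login(throttle, ip, username, password, verify, sleep=time.sleep, now=None):
    """Gate one attempt; `verify` stands in for the site's own credential check."""
    if throttle.retry_after(ip, now) > 0:
        return "blocked"  # refused before any password is tested
    if verify(username, password):
        return "ok"
    sleep(throttle.record_failure(ip, now))  # slow down the guessing client
    return "denied"
```

Because a blocked address is refused before `verify` runs, guesses made during the block period test nothing. The counters live in memory here, so a site running more than one server process would need to keep them in shared storage.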

