I've been out of town vacationing in Florida for a while, so this reply is
kinda long in coming...

> -----Original Message-----
> From: Circle Discussion List [mailto:CIRCLE@post.queensu.ca]On Behalf Of
> The Merciless Lord of Everything
> Sent: Sunday, August 20, 2000 3:08 AM
>
> a matter of time), As I'm sure of all here on the list will agree on,
> "qwerty" is not a good password, neither is "barkerdog" or similar type
> passwords. Make it a bit harder, switch some letters for digits, People
> call this leet, but face it, what's fastest, breaking "barkerthedog" or
> "b4r|<3R-|-h|)0g" ?
>

At work, we remotely grabbed the registry out of one of our NT servers, ran
L0phtCrack on it and in 30 minutes had 80% of the users' passwords. The admin
passwords were cracked within 18 hours. Every password was cracked in 3 days.
And I did this from OUTSIDE our network with no knowledge of the admin
passwords. Of course I am the network admin, so it was a test and not a
hack :-) and can't be done anymore...

> How to do this on a Windows machine? I have no idea :), though I've held a
> Microsoft Certification, it has been invalidated with time, and much has
> happened in that field (Or at least I hope something has :), so can't help
> you there.

Actually, Windows 2000 seems _somewhat_ secure when set up properly. My
solution was to put the MUD on a 192.168. address and have a port forwarding
firewall that ONLY allows port 4000 to get to that machine. You connect to the
firewall on port 4000 and it transparently forwards the connection to the MUD
machine on port 4000. I use Linux kernel 4.2 with IPTables (not IPChains) to
do this and it works beautifully. I can also set up rules at the firewall to
allow or block based on subnets and many other criteria to help keep DOS
attacks from even reaching the MUD server.

--
"I didn't do it, nobody saw me do it, you can't prove a thing!"
+------------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ:  |
|  http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html  |
+------------------------------------------------------------+
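The port-forwarding firewall described in the message above, as an added example that is not part of the original post: a shell function that prints (without running) the iptables commands for a default-deny forwarder exposing only the MUD port. The function name `mud_fw_rules`, the interface `eth0`, the address `192.168.0.2` and the blocked subnet `203.0.113.0/24` are constructed for illustration, and it assumes the MUD host uses the firewall as its default gateway.

```shell
#!/bin/sh
# Added example: prints the iptables commands for the setup in the post so
# they can be reviewed before being applied on the firewall as root.
# Assumption: the MUD host routes replies back through this firewall
# (it is the MUD host's default gateway), so no SNAT rule is needed.

mud_fw_rules() {
    [ "$#" -ge 3 ] || { echo "usage: mud_fw_rules WAN_IF MUD_IP PORT [BLOCKED_CIDR...]" >&2; return 2; }
    fw_if=$1; fw_ip=$2; fw_port=$3
    shift 3

    case $fw_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    case $fw_ip in
        192.168.*.*) ;;
        *) echo "MUD address must be inside 192.168.0.0/16" >&2; return 1 ;;
    esac
    case $fw_port in
        ''|*[!0-9]*|??????*) echo "port must be 1-65535" >&2; return 1 ;;
    esac
    if [ "$fw_port" -lt 1 ] || [ "$fw_port" -gt 65535 ]; then
        echo "port must be 1-65535" >&2; return 1
    fi
    for fw_net in "$@"; do
        case $fw_net in
            ''|*[!0-9./]*) echo "bad subnet: $fw_net" >&2; return 1 ;;
        esac
    done

    echo "sysctl -w net.ipv4.ip_forward=1"
    # Default-deny: anything not explicitly accepted below is never forwarded.
    echo "iptables -P FORWARD DROP"
    # Blocked subnets go first so they are dropped before any ACCEPT rule.
    for fw_net in "$@"; do
        echo "iptables -A FORWARD -i $fw_if -s $fw_net -j DROP"
    done
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Only new TCP connections to the MUD port may reach the inside host.
    echo "iptables -A FORWARD -i $fw_if -p tcp -d $fw_ip --dport $fw_port -m conntrack --ctstate NEW -j ACCEPT"
    # Rewrite the destination of connections that arrive on the firewall's port.
    echo "iptables -t nat -A PREROUTING -i $fw_if -p tcp --dport $fw_port -j DNAT --to-destination $fw_ip:$fw_port"
}

# Constructed sample: eth0 faces the Internet, the MUD listens on 192.168.0.2:4000.
mud_fw_rules eth0 192.168.0.2 4000 203.0.113.0/24
```

The DROP rules match on the original source address because DNAT in PREROUTING rewrites only the destination.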
This archive was generated by hypermail 2b30 : 04/11/01 PDT