Re: Re: Password hacker killer

Note that the last one may hurt AOL users -- all AOL http requests come from one of several HTTP proxies at (psudo-)random.

Warning: Unless otherwise stated, code is untested. Do not use without understanding. Code is posted in the hopes it is useful, but without warranty. All copyrights are relinquished into the public domain unless otherwise stated. I am not an angel. I am capable of error, and err on a fairly regular basis. If I made a mistake, please let me know (such as by replying to this node).

Comment on Re: Re: Password hacker killer

Replies are listed 'Best First'.
Re: Re: Re: Password hacker killer by diotalevi (Canon) on Sep 08, 2003 at 19:34 UTC
Its also worth noting that WebTV users move between IPs for every page hit so you'd see the same session showing up on multiple IP addresses.	[reply]
Re: Re: Re: Password hacker killer by waswas-fng (Curate) on Sep 08, 2003 at 19:58 UTC
Test for multiple good auths from different IP addresses with unique session ids. I think you missread this, this means unique username <waswas-fng> from random IP addresses each with their own session going. <br `User:IP:Session waswas-fng:10.128.172.10:000001 waswas-fng:10.128.172.10:000002 waswas-fng:10.128.172.10:000003 waswas-fng:10.128.172.10:000004 waswas-fng:10.128.172.10:000005 waswas-fng:10.128.172.12:000005 waswas-fng:192.168.66.11:000004 Would be "OK" Where: User:IP:Session waswas-fng:12.128.172.10:000001 waswas-fng:231.128.172.1:000002 waswas-fng:12.128.172.10:000003 waswas-fng:231.128.172.1:000004 waswas-fng:192.168.52.1:000005` [download] Would show many users using the same account with unique sessions on different networks (shared password or hacked access). -Waswas	[reply] [d/l]