Re: [squid-users] Digest Authentication and Brute Force Attack

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Fri, 19 May 2006 00:14:35 +0200

tor 2006-05-18 klockan 16:56 +0200 skrev alberto.avi@gmail.com:
> Hi Henrik,
>
> I'm using squid-2.5.STABLE12 . I'm trying authentication with a bad
> password. In the access.log file I don't see the userid :
>
> 1147963589.188 386 10.182.35.253 TCP_DENIED/407 1726 GET
> http://www.google.com/ - NONE/- text/html
> 1147963589.220 32 10.182.35.253 TCP_DENIED/407 1726 GET
> http://www.google.com/ - NONE/- text/html
> 1147963591.268 114 10.182.35.253 TCP_DENIED/407 1726 GET
> http://www.google.com/ - NONE/- text/html

Please enable log_mime_hdrs to prove me wrong..

I verified using current 2.5.STABLE (what will become 2.5.STABLE14), but
the digest code has not changed in a long time.. last functional change
was in 2.5.STABLE10 where support for %m in error pages was added.

First request, no login information provided
1147990288.598 0 127.0.0.1 TCP_DENIED/407 1818 GET http://test.auth/ - NONE/- text/html

Second request, unknown account used
1147990327.125 10 127.0.0.1 TCP_DENIED/407 1818 GET http://test.auth/ nouser NONE/- text/html

Third request, known account but invalid password
1147990357.419 8 127.0.0.1 TCP_DENIED/407 1818 GET http://test.auth/ henrik NONE/- text/html

Fourth request, correct login
1147990384.960 2 127.0.0.1 TCP_MISS/503 1490 GET http://test.auth/ henrik DIRECT/test.auth text/html

Regards
Henrik

Received on Thu May 18 2006 - 16:15:29 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jun 01 2006 - 12:00:02 MDT