What is a Dictionary Attack? Prevent Brute force Password List Attacks

January 25, 2021
Bot Manager

Contents

Try CDNetworks For Free

Most of our products have a 14 day free trial. No credit card needed.

Share This Post

Global attacks using password lists are on the rise. These attacks are leading to a growing sophistication of typical brute force password cracking attempts using dictionary attack lists. Ensuring you have the correct security measures in place can prevent the loss of sensitive data.

What is a password list attack?

With password list attacks, attackers try to gain access illegally via the regular route with the correct list of passwords and IDs which they have gotten from somewhere previous to the attack. In this case, the login attempt number by the ID becomes so few that it is often difficult to differentiate proper access from an attack.

If the users reuse a common password on multiple sites, there is a real danger of that password being taken, and then used to successfully gain access to other sites. It is for this reason that we recommend that you use different ID and password combinations on each site.

Moreover, the time has come to consider more security measures like 2-step verification on web application servers as well as other methods of authentication.

From the viewpoint of attackers, dictionary attacks, where the attacker attempts to gain access through a variety of common words and passwords which are perceived to be used often, are more efficient than a brute force attack where they just try passwords randomly using as many different possible combinations as they can. Further still, a list of correct IDs and passwords, with the ease at which it allows access, is like a magic item.

It’s also thought that the lists used in dictionary attacks are generally based on reference to publicly available information.

On the contrary, if we refer to a password list beforehand and prevent users from setting a frequently used password, it should be a good system to protect from these types of attacks.

Famous Password List Providing Service

Here, we’ll introduce a renowned list providing service.

■OpenWall

– provides a list for general password tracking which attackers use
 – Provides the list on both paid and free services.

https://www.openwall.com/wordlists/

I tried to download the list in the free version.

https://download.openwall.net/pub/wordlists/passwords/

When you unzip the password.gz, you will see a file called” password.lst.” Open it with the. list viewer. It shows “Last update: 2011/11/20 (3546 entries) “. It seems that they have not updated the free version for a long time. The possible passwords are listed in order of appearance, but I was a little surprised that this included the password I usually use.

What also surprised me was just how common some of these passphrases are, similar permutations of the same word or phrase appear through the wordlist and the dictionary file shows that users feel changing a password to lowercase makes it more difficult to crack.

Here is a list of the top 20 most used passwords:

1 123456 11 1234 21 service
2 12345 12 qwerty 22  canada
3 password 13  money 23  hello
4 password1 14  carmen    
5 123456789 15  mickey    
6 12345678 16  secret    
7 1234567890 17  summer    
8 abc123 18  internet    
9 computer 19  a1b2c3    
10 tigger 20  123    

As you can see all of the phrases on the list are English words with very little use of special characters, nor many complex passwords included. Moreover, the attackers use a list of words such as the one above by inputting it into a tool such as John the Ripper, THC-Hydra or Medusa. We won’t explain the details on the usage of these tools here. In any case, If attackers use these tools and you can detect the access from them, you can defend against their attacks.

We recommend using cloud bot attack detection to detect any usage of the above tools and defend yourself from any potential attack in the future.

How to Protect Against Brute Force Dictionary Attack Lists

CDNetworks offers the cloud bot attack countermeasure “Bot Shield,” which is able to detect and defend recently increasing cyber-attacks.

Bot Shield is a cloud bot countermeasure integrated with the global CDN platform. It is equipped with multiple features that detect and block increasing cyber-attacks via bots beforehand, strengthen web security, and provide high-performance and highly-available web delivery. 

It also helps to detect unknown attacks (zero-day) by bots, protects your website from a wide variety of attacks, including those using the dictionary attack list method.

More To Explore

HTTP Header Optimization
Web Performance

How CDNetworks Helps Optimize HTTP Headers

HTTP headers are key-value pairs sent in HTTP requests and responses, providing essential information about the communication between the client and server. They include details such as content type, encoding, cache control, authentication, and more,

Read More »