
Re: [suse-security] SSH password attacks

On Monday 20 September 2004 17:40, suse@xxxxxx wrote:
> Does anyone running a unix server really use "guest", "test", "user", or
> "admin" as real accounts?  Judging by the volume of attempts I'm getting,
> there has to be something causing this.  Was a borked version of ssh server
> released for windows, or something?  Or is this trying to connect to zombie
> machines?  From what I understand, ssh server isn't common on windows, and
> those accounts certainly aren't common to unix...  Anyone know what's going
> on here?

AFAIK, when someone attempts to log in with an existing user name and
incorrect password, the timing on the denied/rejected response is a great
deal longer than the timing on a denied/rejected response for a non-existent

Plugging your machine with first root, then a few accounts that in a typical
unix environment will not exist, will give a potential hacker a bit of info
for their dictionary attack.

Running the sequence of unknown user/unknown password is a huge resource
requirement, so all they do now is just run a dictionary on user names, 
measure the response and make an educated guess from the responses what 
usernames probably do exist.

Then they can start with passwords.
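
The timing difference described in the reply above, and one way a login check can remove it, as an added example that is not part of the original thread. All names are hypothetical, and PBKDF2 with a made-up work factor stands in for whatever password hashing a real service uses; this is not how any particular SSH server is implemented.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor for this sketch
kdf_calls = 0          # instrumentation: how many expensive hashes were run


def kdf(password, salt):
    """The expensive step whose presence or absence shows up as response time."""
    global kdf_calls
    kdf_calls += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_store(accounts):
    """Build username -> (salt, derived key) from constructed sample accounts."""
    store = {}
    for name, password in accounts.items():
        salt = os.urandom(16)
        store[name] = (salt, kdf(password, salt))
    return store


def leaky_verify(store, username, password):
    """'Before': unknown users are rejected without hashing, so they answer faster."""
    if username not in store:
        return False
    salt, key = store[username]
    return hmac.compare_digest(kdf(password, salt), key)


# Dummy credential that unknown usernames are checked against.
DUMMY_SALT = os.urandom(16)
DUMMY_KEY = kdf(os.urandom(16).hex(), DUMMY_SALT)


def uniform_verify(store, username, password):
    """'After': every attempt pays for exactly one hash, known user or not."""
    known = username in store
    salt, key = store[username] if known else (DUMMY_SALT, DUMMY_KEY)
    ok = hmac.compare_digest(kdf(password, salt), key)
    return known and ok


def kdf_cost(verify, store, username):
    """Expensive hashes spent on one failed attempt for `username`."""
    before = kdf_calls
    verify(store, username, "wrong-password")
    return kdf_calls - before
```
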

