Re: [suse-security] SSH password attacks
On Monday 20 September 2004 17:40, suse@xxxxxx wrote:
> Does anyone running a unix server really use "guest", "test", "user", or
> "admin" as real accounts? Judging by the volume of attempts I'm getting,
> there has to be something causing this. Was a borked version of ssh server
> released for windows, or something? Or is this trying to connect to zombie
> machines? From what I understand, ssh server isn't common on windows, and
> those accounts certainly aren't common to unix... Anyone know what's going
> on here?
AFAIK, when someone attempts to log in with an existing user name and
incorrect password, the timing on the denied/rejected response is a great
deal longer than the timing on a denied/rejected response for a non-existent
Plugging your machine with first root, then a few accounts that in a typical
unix environment will not exist, will give a potential hacker a bit of info
for their dictionary attack.
Running the sequence of unknown user/unknown password is a huge resource
requirement, so all they do now is just run a dictionary on user names,
measure the response and make an educated guess from the responses what
usernames probably do exist.
Then they can start with passwords.
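A log-side check for the pattern discussed in this thread (one source failing logins across many user names), as an added example that is not part of the original message. It assumes the current OpenSSH `Failed password for [invalid user] NAME from ADDR port N ssh2` syslog format; the sample lines, the function names and the `min_names` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation addresses), not taken from the post.
# The last line has an empty user name, which sshd logs as two spaces.
SAMPLE_LOG = """\
Sep 20 17:01:02 host sshd[2101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Sep 20 17:01:04 host sshd[2103]: Failed password for invalid user guest from 192.0.2.10 port 40002 ssh2
Sep 20 17:01:06 host sshd[2105]: Failed password for invalid user test from 192.0.2.10 port 40003 ssh2
Sep 20 17:01:08 host sshd[2107]: Failed password for invalid user user from 192.0.2.10 port 40004 ssh2
Sep 20 17:01:10 host sshd[2109]: Failed password for invalid user admin from 192.0.2.10 port 40005 ssh2
Sep 20 17:05:00 host sshd[2200]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Sep 20 17:05:09 host sshd[2200]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
Sep 20 17:09:30 host sshd[2300]: Failed password for invalid user  from 203.0.113.5 port 52000 ssh2
"""

# The user name is attacker-controlled and may itself contain " from 1.2.3.4".
# Greedy (.*) plus the end anchor binds the address to the LAST " from ... port".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(.*) from (\S+) port \d+ ssh2$"
)

def summarize(log_text):
    """Per source address: distinct nonexistent and existing names that failed."""
    stats = defaultdict(lambda: {"invalid": set(), "valid": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            kind = "invalid" if m.group(1) else "valid"
            stats[m.group(3)][kind].add(m.group(2))
    return dict(stats)

def name_scanners(log_text, min_names=4):
    """Sources whose failures span at least min_names distinct user names."""
    return sorted(ip for ip, s in summarize(log_text).items()
                  if len(s["invalid"] | s["valid"]) >= min_names)

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG).items():
        print(ip, "invalid:", sorted(s["invalid"]), "valid:", sorted(s["valid"]))
    print("user-name scanners:", name_scanners(SAMPLE_LOG))
```

A source that appears in `name_scanners` is walking a user-name list rather than mistyping one password, which is the distinction to use when deciding what to rate-limit or block.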