[Beowulf] Re: "hobbyists"
Lombard, David N
dnlombar at ichips.intel.com
Fri Jun 20 10:07:38 PDT 2008
On Fri, Jun 20, 2008 at 12:15:39AM -0400, Perry E. Metzger wrote:
> "Robert G. Brown" <rgb at phy.duke.edu> writes:
> > Do you have an recent contemporary evidence for that?
> Yes, Run a box with sshd on it connected to the internet and watch your
> logs for a few days. You will find numerous attempts to try thousands
> of possible account names and passwords -- brute force cracking.
> Here is an extract from the log on a real machine, one of mine, from
> last night:
> Jun 19 20:56:53 smaug sshd: Invalid user secretariat from 220.127.116.11
> Jun 19 20:56:54 smaug sshd: Invalid user secretar from 18.104.22.168
> Jun 19 20:56:55 smaug sshd: Invalid user present from 22.214.171.124
> Jun 19 20:56:56 smaug sshd: Invalid user test from 126.96.36.199
> Jun 19 20:56:57 smaug sshd: Invalid user test from 188.8.131.52
> Jun 19 20:56:58 smaug sshd: Invalid user teste from 184.108.40.206
> Jun 19 20:56:59 smaug sshd: Invalid user teste from 220.127.116.11
Yeah, I get that all the time too, I use an /etc/hosts.allow filter to
temporarily block those idiots after three such attempts.
> It goes on and on and on. There are countermeasures you can run to
> block the zombies trying to guess passwords, but I rarely bother since
> none of my machines allow password based login so their attempts are
> useless anyway.
Same here, so agree to the futility. But, why suffer the endless churn?
If left alone, some will pound away for hours.
> > But weak passwords that are brute force guessed[...]?
> > Only on a poorly managed network,
> That would be 95% of networks. I've done a lot of network audits in my
> day, too.
Yup. Just fire up any Wifi kit and look at the visible networks. Also
don't forget SC's wall of shame...
David N. Lombard, Intel, Irvine, CA
I do not speak for Intel Corporation; all comments are strictly my own.
More information about the Beowulf