[Beowulf] Re: "hobbyists"
Lombard, David N
dnlombar at ichips.intel.com
Fri Jun 20 10:07:38 PDT 2008
On Fri, Jun 20, 2008 at 12:15:39AM -0400, Perry E. Metzger wrote:
>
> "Robert G. Brown" <rgb at phy.duke.edu> writes:
> > Do you have any recent contemporary evidence for that?
>
> Yes. Run a box with sshd on it connected to the internet and watch your
> logs for a few days. You will find numerous attempts to try thousands
> of possible account names and passwords -- brute force cracking.
>
> Here is an extract from the log on a real machine, one of mine, from
> last night:
>
> Jun 19 20:56:53 smaug sshd[2577]: Invalid user secretariat from 70.90.14.154
> Jun 19 20:56:54 smaug sshd[2522]: Invalid user secretar from 70.90.14.154
> Jun 19 20:56:55 smaug sshd[23949]: Invalid user present from 70.90.14.154
> Jun 19 20:56:56 smaug sshd[3440]: Invalid user test from 70.90.14.154
> Jun 19 20:56:57 smaug sshd[8809]: Invalid user test from 70.90.14.154
> Jun 19 20:56:58 smaug sshd[21600]: Invalid user teste from 70.90.14.154
> Jun 19 20:56:59 smaug sshd[314]: Invalid user teste from 70.90.14.154

Yeah, I get that all the time too; I use an /etc/hosts.allow filter to
temporarily block those idiots after three such attempts.

> It goes on and on and on. There are countermeasures you can run to
> block the zombies trying to guess passwords, but I rarely bother since
> none of my machines allow password based login so their attempts are
> useless anyway.

Same here, so agree to the futility. But, why suffer the endless churn?
If left alone, some will pound away for hours.

> > But weak passwords that are brute force guessed[...]?
> > Only on a poorly managed network,
>
> That would be 95% of networks. I've done a lot of network audits in my
> day, too.

Yup. Just fire up any Wifi kit and look at the visible networks. Also
don't forget SC's wall of shame...

--
David N. Lombard, Intel, Irvine, CA
I do not speak for Intel Corporation; all comments are strictly my own.
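
The kind of filter mentioned in the reply above (block a source after three failed attempts), sketched as an added example that is not part of the original message and not either poster's actual setup. The function names, the ten-minute window, the year default and the `sshd: <ip>` tcp_wrappers output format are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# First seven lines are the log extract quoted above; the 192.0.2.7 lines are
# constructed (documentation address) to show a source that stays under the limit.
SAMPLE_LOG = """\
Jun 19 20:56:53 smaug sshd[2577]: Invalid user secretariat from 70.90.14.154
Jun 19 20:56:54 smaug sshd[2522]: Invalid user secretar from 70.90.14.154
Jun 19 20:56:55 smaug sshd[23949]: Invalid user present from 70.90.14.154
Jun 19 20:56:56 smaug sshd[3440]: Invalid user test from 70.90.14.154
Jun 19 20:56:57 smaug sshd[8809]: Invalid user test from 70.90.14.154
Jun 19 20:56:58 smaug sshd[21600]: Invalid user teste from 70.90.14.154
Jun 19 20:56:59 smaug sshd[314]: Invalid user teste from 70.90.14.154
Jun 19 21:10:02 smaug sshd[4101]: Invalid user admin from 192.0.2.7
Jun 19 23:40:15 smaug sshd[4188]: Invalid user guest from 192.0.2.7
"""

# The user name is chosen by the remote client and may itself contain " from <ip>".
# The greedy (.*) plus the end anchor make the LAST address on the line the source.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Invalid user (?P<user>.*) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?$"
)

def offenders(lines, threshold=3, window=timedelta(minutes=10), year=2008):
    """Map each source IP to the time it reached `threshold` attempts within `window`."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # Syslog timestamps carry no year; it is supplied by the caller (assumption).
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen = recent[m["ip"]]
        seen.append(when)
        while when - seen[0] > window:
            seen.popleft()
        if len(seen) >= threshold:
            flagged.setdefault(m["ip"], when)
    return flagged

def deny_lines(flagged):
    """Render flagged sources as tcp_wrappers `daemon: client` entries."""
    return [f"sshd: {ip}" for ip in sorted(flagged)]

if __name__ == "__main__":
    print("\n".join(deny_lines(offenders(SAMPLE_LOG.splitlines()))))
```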