Re: What is this Very Stupid DOS Attack Script?
At 11:49 AM 06/04/2005, Martin McCormick wrote:
> We have been noticing flurries of sshd reject messages in
>which some system out there in the hinterlands hits us with a flood of
>ssh login attempts. An example:
>
>Apr 6 05:41:51 dc sshd[88763]: Did not receive identification
> string from 67.19.58.170
>Apr 6 05:49:42 dc sshd[12389]: input_userauth_request: illegal
> user anonymous
> Other than spewing lots of entries into syslog, what is the
>purpose of the attack? Are they just hoping to luck into an open
>account? The odds of guessing the right account name and then guessing
>the correct password are astronomical to say the least.
Actually, sadly the odds are far too good given the cost to run such a
script. Unless you force users to use GOOD passwords, they will use dumb
ones.... Think Paris Hilton recently. The cost to let a script like that
go in the background and pound away at hosts that have open ssh access is
zilch. If you have ftpd running anywhere, you will see similar attempts.
---Mike
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
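
An added example, not part of the original thread: a small log summarizer for the two sshd message types quoted above. It joins each "illegal user" line, which carries no address, to the source address through the sshd child PID. The "Failed password ... from <addr>" line format, the documentation-range addresses, and the function names are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format quoted in the thread.
SAMPLE_LOG = """\
Apr  6 05:41:51 dc sshd[88763]: Did not receive identification string from 192.0.2.10
Apr  6 05:49:42 dc sshd[12389]: input_userauth_request: illegal user anonymous
Apr  6 05:49:42 dc sshd[12389]: Failed password for illegal user anonymous from 192.0.2.10 port 40112 ssh2
Apr  6 05:49:44 dc sshd[12391]: input_userauth_request: illegal user test
Apr  6 05:49:44 dc sshd[12391]: Failed password for illegal user test from 192.0.2.10 port 40127 ssh2
Apr  6 05:49:46 dc sshd[12394]: input_userauth_request: illegal user admin
Apr  6 05:49:46 dc sshd[12394]: Failed password for illegal user admin from 192.0.2.10 port 40140 ssh2
Apr  6 06:10:03 dc sshd[12511]: Failed password for alice from 198.51.100.7 port 51500 ssh2
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[(\d+)\]: (.*)$")
NO_IDENT = re.compile(r"Did not receive identification string from (\S+)$")
ILLEGAL = re.compile(r"input_userauth_request: illegal user (\S+)$")
FROM_ADDR = re.compile(r"\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b")

def summarize(log_text):
    """Return {addr: {"probes": n, "failures": n, "illegal_users": set}}."""
    stats = defaultdict(lambda: {"probes": 0, "failures": 0, "illegal_users": set()})
    pending = {}  # sshd child PID -> guessed account name still lacking an address
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, msg = m.groups()
        if (hit := NO_IDENT.search(msg)):
            stats[hit.group(1)]["probes"] += 1      # connect-and-drop scan
        elif (hit := ILLEGAL.search(msg)):
            pending[pid] = hit.group(1)             # address arrives on a later line
        elif msg.startswith("Failed password") and (hit := FROM_ADDR.search(msg)):
            entry = stats[hit.group(1)]
            entry["failures"] += 1
            if pid in pending:                      # same child logged a bad account
                entry["illegal_users"].add(pending.pop(pid))
    return dict(stats)

def flurries(stats, threshold=3):
    """Addresses whose probes plus failed logins reach the threshold."""
    return sorted(a for a, s in stats.items() if s["probes"] + s["failures"] >= threshold)

if __name__ == "__main__":
    for addr in flurries(summarize(SAMPLE_LOG)):
        print(addr)
```

A source that racks up many distinct nonexistent account names is a guessing script; a single failure for a real account is more likely a mistyped password.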