| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4363AEA1.27090.691FB82@gmail.com> Date: Sat Oct 29 05:17:37 2005 From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: Brain dead SSH scans from Italy Etaoin Shrdlu wrote: <<snip>> > Thanks to whomever finally got through, however you did it. I had actually > allowed one host to start responding, and it had gotten to the part I > always least understand, i.e. the tries for root's password. I mean, > really, are there that many hosts out there with root accounts that can be > guessed with an automated password guesser? ... Define "that many"... It's not about the total number -- it's simply about the fact that there really are some, and we know that here some == quite a few more than one. Better to think of it in terms of a proportion though, then allow that the law of large numbers kicks in _on both the attackers' and victims' sides of the equation_. If the potential attackers can run their probes from a botnet then they reduce their own workload significantly are not even risking discovery or any real "loss" if they tracked/shut-down as it is all but guaranteed that all they will lose is a bot or two in the odd case where someone will care enough to try to track down "the attacker". And if the available victims are, say 0.00015% of all machines, scanning a few million machines gets you plenty more new victims. And that's not even considering that some machines may be more worthwhile cracking than others... Regards, Nick FitzGerald
Powered by blists - more mailing lists