"What's the point?" C'mon, Ted. You know better than that. The point is people 
with weak passwords. Remember the Dyn DDoS? That was brought on entirely by 
devices with default passwords. As is a RasPi attack I read about on Slashdot 
just this AM. Say 90% of servers/devices follow good security practices -- that 
still leaves 10% that are susceptible. I imagine even a 1% return would still 
get you a pretty sweet botnet. So, in my estimation at least, that is the point.

$.02,

-Ken

On June 11, 2017 10:17:35 AM EDT, Ted Roche <tedro...@gmail.com> wrote:
>For 36 hours now, one of my clients' servers has been logging ssh
>login attempts from around the world, low volume, persistent, but more
>frequent than usual. sshd is listening on a non-standard port, just to
>minimize the garbage in the logs.
>
>A couple of attempts is normal; we've seen that for years. But this is
>several each hour, and each hour an IP from a different country:
>Belgium, Korea, Switzerland, Bangladesh, France, China, Germany,
>Dallas, Greece. Usernames vary: root, mythtv, rheal, etc.
>
>There are several levels of defense in use: firewalls, intrusion
>detection, log monitoring, etc, so each script gets a few guesses and
>the IP is then rejected.
>
>In theory, the defenses should be sufficient, but I have a concern
>that I'm missing their strategy here. It's not a DDOS, they are very
>low volume. It will take them several millennia to guess enough
>dictionary attack guesses to get through, so what's the point?
>
>-- 
>Ted Roche
>Ted Roche & Associates, LLC
>http://www.tedroche.com
>_______________________________________________
>gnhlug-discuss mailing list
>gnhlug-discuss@mail.gnhlug.org
>http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
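
The pattern described in the quoted message (a few guesses per source, a new source each hour, varying usernames) stays under any per-IP limit, so it only shows up when failures are counted across sources. The sketch below is an added example, not part of either message: it assumes OpenSSH's usual "Failed password" syslog lines, and the sample log, function names, window size and thresholds are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in OpenSSH's syslog format; IPs are documentation ranges.
SAMPLE_LOG = """\
Jun 10 01:12:03 srv sshd[2101]: Failed password for root from 198.51.100.7 port 40122 ssh2
Jun 10 01:12:09 srv sshd[2101]: Failed password for root from 198.51.100.7 port 40122 ssh2
Jun 10 02:40:51 srv sshd[2188]: Failed password for invalid user mythtv from 203.0.113.19 port 51833 ssh2
Jun 10 02:40:58 srv sshd[2188]: Failed password for invalid user mythtv from 203.0.113.19 port 51833 ssh2
Jun 10 03:05:17 srv sshd[2240]: Failed password for invalid user rheal from 192.0.2.44 port 33901 ssh2
Jun 10 04:31:02 srv sshd[2307]: Failed password for root from 198.51.100.200 port 60214 ssh2
Jun 10 04:31:40 srv sshd[2307]: Accepted publickey for ted from 192.0.2.10 port 50022 ssh2
Jun 10 05:58:29 srv sshd[2391]: Failed password for invalid user mythtv from 203.0.113.77 port 44170 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse_failures(text, year=2017):
    """Yield (timestamp, user, ip) per failed login; syslog omits the year, so it is assumed."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def per_ip_offenders(events, limit):
    """IPs with more than `limit` failures: all that a per-IP ban rule ever sees."""
    counts = Counter(ip for _, _, ip in events)
    return sorted(ip for ip, n in counts.items() if n > limit)

def distributed_windows(events, hours=6, min_sources=4):
    """Fixed windows in which at least `min_sources` distinct IPs failed logins."""
    sources = defaultdict(set)
    for ts, _, ip in events:
        start = ts.replace(hour=ts.hour - ts.hour % hours, minute=0, second=0)
        sources[start].add(ip)
    return {w: sorted(ips) for w, ips in sources.items() if len(ips) >= min_sources}

if __name__ == "__main__":
    events = list(parse_failures(SAMPLE_LOG))
    print("per-IP rule (limit 3):", per_ip_offenders(events, limit=3))
    for window, ips in distributed_windows(events).items():
        print(window, "->", len(ips), "sources:", ips)
```

On the sample, the per-IP rule flags nothing while the six-hour window reports five distinct sources, which is the signal worth alerting on.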