On Tuesday 03 June 2008 08:50:26 [EMAIL PROTECTED] wrote:
> [...]
>
> > The server had ssh access enabled via password entry and fell victim
> > to a brute force password attack.
>
> [...]
>
> > I still do not know how the attacker located the machine. I presume
> > it was probably through a port scan which may have taken place some
> > time before.
>
> The most likely case is that they found the machine by brute force as
> well; a fair proportion of hostile modern software simply picks random
> IP addresses and attacks them in the hope that there is something
> vulnerable.
>
> This has the benefit, for the attacker, of turning up things that don't
> get advertised, and of having a very low cost to identify targets --
> especially when the economies of scale result in your large network
> being able to "randomly" scan more and more of the overall network.

First, thanks to everyone who contributed to this interesting thread :-)

Some (and this is critique :-) not criticism) had credible offers, e.g. Mary
and turning sendmail into an open relay, but many just had a BadThing happen.

Daniel talks about 'brute forcing' a password: say [EMAIL PROTECTED]&*()_/?]
and 6 chars passwords 6**70 umm 70 * log (2) and 10**8 brute forces / sec,
that's 10 to the power 60 secs! Sorry, the universe went flat.

Then the famous Win Mac Linux security shoot off: Win and Mac broken, but
nobody wanted the $10,000 and Sony Vaio for breaking the Linux box. Hmmmm.

James
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html