SLUG Mailing List Archives
Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs
- To: slug@xxxxxxxxxxx
- Subject: Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs
- From: jam <jam@xxxxxxxxx>
- Date: Tue, 3 Jun 2008 10:21:55 +0800
- User-agent: KMail/1.9.9
On Tuesday 03 June 2008 08:50:26 slug-request@xxxxxxxxxxx wrote:
> > The server had ssh access enabled via password entry and fell victim
> > to a brute force password attack.
> > I still do not know how the attacker located the machine. I presume
> > it was probably through a port scan which may have taken place some
> > time before.
> The most likely case is that they found the machine by brute force as
> well; a fair proportion of hostile modern software simply picks random
> IP addresses and attacks them in the hope that there is something
> This has the benefit, for the attacker, of turning up things that don't
> get advertised, and of having a very low cost to identify targets --
> especially when the economies of scale result in your large network
> being able to "randomly" scan more and more of the overall network.
First thanks to everyone who contributed to this interesting thread :-)
Some (and this is critique :-) not criticism) had credible offers, e.g. Mary and
turning sendmail into an open relay, but many just had a BadThing happen.
Daniel talks about 'brute forcing' a password:
say [A-Za-z0-9!@#$%^&*()_/?] and 6-char passwords
6**70 umm 70 * log (2) and 10**8 brute forces / sec
that's 10 to the power 60 secs! Sorry, the universe went flat.
Then the famous Win Mac Linux security shoot off: Win and Mac broken but
nobody wanted the $10,000 and Sony Vaio for breaking the Linux box. Hmmmm.