- To: jam <jam@xxxxxxxxx>
- Subject: Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs
- From: Jan Schmidt <thaytan@xxxxxxxxxxxx>
- Date: Thu, 05 Jun 2008 14:05:43 +0100
- Cc: slug@xxxxxxxxxxx
On Tue, 2008-06-03 at 10:21 +0800, jam wrote:
> On Tuesday 03 June 2008 08:50:26 slug-request@xxxxxxxxxxx wrote:
> > [...]
> >
> > > The server had ssh access enabled via password entry and fell victim
> > > to a brute force password attack.
>
> First thanks to everyone who contributed to this interesting thread :-)
>
> Some (and this is critique :-) not criticism) had credible offers eg Mary and
> turning sendmail into an open relay, but many just had a BadThing happen.
>
> Daniel talks about 'brute forcing' a password:
> say [A-Za-z0-9!@#$%^&*()_/?] and 6-char passwords
>
> 6**70 umm 70 * log (2) and 10**8 brute forces / sec
I think you mean the much more sedate number of 70^6 combinations. At
10^8 tests per sec, that's a much scarier (70^6)/(10^8) = 1176.5 secs,
or under 20 mins to check the entire password space.
Fortunately, external brute-force testing of passwords doesn't typically
run to anything like that many tests per second!
J.
--
Jan Schmidt <thaytan@xxxxxxxxxxxx>