[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
- From: Nicolas Mailhot <nicolas mailhot laposte net>
- To: Development discussions related to Fedora Core <fedora-devel-list redhat com>
- Subject: Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
- Date: Wed, 21 Mar 2007 23:54:04 +0100
Le mercredi 21 mars 2007 à 17:45 -0500, Arthur Pemberton a écrit :
> On 3/21/07, Nicolas Mailhot <nicolas mailhot laposte net> wrote:
> > attackers *do* brute-force usernames, probably because root is usually
> > secured but you can hope hitting a user account with no password
> >
> > install pam_abl. It will profile the attacks for you (for exemple on my
> > system root is the most attacked user but this is dwarfed by one-shot
> > dictionary-user tries)
>
> Hence my point of havign root login off by default.
Hence my point that most attack scripts don't even care about root
anymore :) Any user account will do, and they use common username
databases
Failed users:
(1)
Not blocking
nim (1)
Not blocking
+ (1)
Not blocking
-nim (1)
Not blocking
. (1)
Not blocking
000 (1)
Not blocking
0000 (1)
Not blocking
00000 (1)
...
rooms (1)
Not blocking
rooot (2)
Not blocking
roosevelt (1)
Not blocking
root (340)
Not blocking
root-admin (5)
Not blocking
root-oliver (3)
Not blocking
root1 (1)
Not blocking
root12 (1)
Not blocking
root123 (1)
...
zuza123 (1)
Not blocking
zv (1)
Not blocking
zvfx (1)
Not blocking
zw (1)
Not blocking
zx (1)
Not blocking
zxc (1)
Not blocking
zxvf (3)
Not blocking
zy (1)
Not blocking
zz (1)
Not blocking
zzhou (1)
Not blocking
zzz (3)
Not blocking
zzzz (1)
Not blocking
édith (1)
Not blocking
éliane (1)
Not blocking
élise (1)
Not blocking
éloise (1)
Not blocking
émilie (1)
Not blocking
root (1)
Not blocking
(count is usually higher, I reseted the cache recently)
--
Nicolas Mailhot
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]