SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
Nicolas Mailhot
nicolas.mailhot at laposte.net
Wed Mar 21 22:54:04 UTC 2007
Le mercredi 21 mars 2007 à 17:45 -0500, Arthur Pemberton a écrit :
> On 3/21/07, Nicolas Mailhot <nicolas.mailhot at laposte.net> wrote:
> > attackers *do* brute-force usernames, probably because root is usually
> > secured but you can hope hitting a user account with no password
> >
> > install pam_abl. It will profile the attacks for you (for exemple on my
> > system root is the most attacked user but this is dwarfed by one-shot
> > dictionary-user tries)
>
> Hence my point of havign root login off by default.
Hence my point that most attack scripts don't even care about root
anymore :) Any user account will do, and they use common username
databases
Failed users:
(1)
Not blocking
nim (1)
Not blocking
+ (1)
Not blocking
-nim (1)
Not blocking
. (1)
Not blocking
000 (1)
Not blocking
0000 (1)
Not blocking
00000 (1)
...
rooms (1)
Not blocking
rooot (2)
Not blocking
roosevelt (1)
Not blocking
root (340)
Not blocking
root-admin (5)
Not blocking
root-oliver (3)
Not blocking
root1 (1)
Not blocking
root12 (1)
Not blocking
root123 (1)
...
zuza123 (1)
Not blocking
zv (1)
Not blocking
zvfx (1)
Not blocking
zw (1)
Not blocking
zx (1)
Not blocking
zxc (1)
Not blocking
zxvf (3)
Not blocking
zy (1)
Not blocking
zz (1)
Not blocking
zzhou (1)
Not blocking
zzz (3)
Not blocking
zzzz (1)
Not blocking
édith (1)
Not blocking
éliane (1)
Not blocking
élise (1)
Not blocking
éloise (1)
Not blocking
émilie (1)
Not blocking
root (1)
Not blocking
(count is usually higher, I reseted the cache recently)
--
Nicolas Mailhot
More information about the fedora-devel-list
mailing list