SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)

Thomas M Steenholdt tmus at tmus.dk
Thu Mar 22 14:51:28 UTC 2007


Arthur Pemberton wrote:
> On 3/21/07, Nicolas Mailhot <nicolas.mailhot at laposte.net> wrote:
>> Le mercredi 21 mars 2007 à 17:45 -0500, Arthur Pemberton a écrit :
>> > On 3/21/07, Nicolas Mailhot <nicolas.mailhot at laposte.net> wrote:
>>
>> > > attackers *do* brute-force usernames, probably because root is 
>> usually
>> > > secured but you can hope hitting a user account with no password
>> > >
>> > > install pam_abl. It will profile the attacks for you (for exemple 
>> on my
>> > > system root is the most attacked user but this is dwarfed by one-shot
>> > > dictionary-user tries)
>> >
>> > Hence my point of havign root login off by default.
>>
>> Hence my point that most attack scripts don't even care about root
>> anymore :) Any user account will do, and they use common username
>> databases
>>
> 
> Yes, but root always exists. The others are purely hit and miss
> 

Exactly - root exists and the attackers know this. For other users, both 
the usernames AND their passwords will have to be bruteforced...

/Thomas




More information about the fedora-devel-list mailing list