[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: A Topic that needs to be discussed on next the QA meeting..

From: Alan Cox <alan redhat com>
To: For testers of Fedora Core development releases <fedora-test-list redhat com>
Subject: Re: A Topic that needs to be discussed on next the QA meeting..
Date: Tue, 18 Mar 2008 10:01:50 -0400

On Tue, Mar 18, 2008 at 04:34:32AM -0700, Andrew Farris wrote:
> Well I understand why those are a high risk, but with root at least the 
> attacker knows the username, normal usernames is a double blind brute force 
> right?  I know my own system used to see many more root attempts than 

No - scanning tools use email data, web data and statistical tables of common
usernames.  Even a long time ago sending to usenet from

	stupidname mybox com

resulting in dictionary attacks via ssh against anything in mybox.com with
username stupidname, including in some cases trying each word in the posting

Alan

Follow-Ups:
- Re: A Topic that needs to be discussed on next the QA meeting..
  - From: Andrew Farris

References:
- A Topic that needs to be discussed on next the QA meeting..
  - From: Johann B. Gudmundsson
- Re: A Topic that needs to be discussed on next the QA meeting..
  - From: Jon Stanley
- Re: A Topic that needs to be discussed on next the QA meeting..
  - From: Johann B. Gudmundsson
- Re: A Topic that needs to be discussed on next the QA meeting..
  - From: Andrew Farris
- Re: A Topic that needs to be discussed on next the QA meeting..
  - From: Tomas Mraz
- Re: A Topic that needs to be discussed on next the QA meeting..
  - From: Andrew Farris
- Re: A Topic that needs to be discussed on next the QA meeting..
  - From: Alan Cox
- Re: A Topic that needs to be discussed on next the QA meeting..
  - From: Andrew Farris

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]