[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)



Arthur Pemberton wrote:
On 3/21/07, Nicolas Mailhot <nicolas mailhot laposte net> wrote:
Le mercredi 21 mars 2007 à 17:45 -0500, Arthur Pemberton a écrit :
> On 3/21/07, Nicolas Mailhot <nicolas mailhot laposte net> wrote:

> > attackers *do* brute-force usernames, probably because root is usually
> > secured but you can hope hitting a user account with no password
> >
> > install pam_abl. It will profile the attacks for you (for exemple on my
> > system root is the most attacked user but this is dwarfed by one-shot
> > dictionary-user tries)
>
> Hence my point of havign root login off by default.

Hence my point that most attack scripts don't even care about root
anymore :) Any user account will do, and they use common username
databases


Yes, but root always exists. The others are purely hit and miss


Exactly - root exists and the attackers know this. For other users, both the usernames AND their passwords will have to be bruteforced...

/Thomas


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]