[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)



Le mercredi 21 mars 2007 à 17:45 -0500, Arthur Pemberton a écrit :
> On 3/21/07, Nicolas Mailhot <nicolas mailhot laposte net> wrote:

> > attackers *do* brute-force usernames, probably because root is usually
> > secured but you can hope hitting a user account with no password
> >
> > install pam_abl. It will profile the attacks for you (for exemple on my
> > system root is the most attacked user but this is dwarfed by one-shot
> > dictionary-user tries)
> 
> Hence my point of havign root login off by default.

Hence my point that most attack scripts don't even care about root
anymore :) Any user account will do, and they use common username
databases

Failed users:
     (1)
        Not blocking
     nim (1)
        Not blocking
    + (1)
        Not blocking
    -nim (1)
        Not blocking
    . (1)
        Not blocking
    000 (1)
        Not blocking
    0000 (1)
        Not blocking
    00000 (1)
...
    rooms (1)
        Not blocking
    rooot (2)
        Not blocking
    roosevelt (1)
        Not blocking
    root (340)
        Not blocking
    root-admin (5)
        Not blocking
    root-oliver (3)
        Not blocking
    root1 (1)
        Not blocking
    root12 (1)
        Not blocking
    root123 (1)
...
    zuza123 (1)
        Not blocking
    zv (1)
        Not blocking
    zvfx (1)
        Not blocking
    zw (1)
        Not blocking
    zx (1)
        Not blocking
    zxc (1)
        Not blocking
    zxvf (3)
        Not blocking
    zy (1)
        Not blocking
    zz (1)
        Not blocking
    zzhou (1)
        Not blocking
    zzz (3)
        Not blocking
    zzzz (1)
        Not blocking
    édith (1)
        Not blocking
    éliane (1)
        Not blocking
    élise (1)
        Not blocking
    éloise (1)
        Not blocking
    émilie (1)
        Not blocking
    root (1)
        Not blocking

(count is usually higher, I reseted the cache recently)

-- 
Nicolas Mailhot


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]