Bugtraq mailing list archives
Re: brute force
From: jacob () esisys com (Jacob Langseth)
Date: Thu, 11 Jul 1996 02:54:52 -0400
From: Christopher Klaus <cklaus () iss net>
[...]
a tool like ssh. But even ssh can be bruteforced, it is just a LOT more time consuming since it only allows 1 try per connection and there is quite a bit of time consumed generating the random keys for transferring.
Interestingly,

 o It is the ssh client that disconnects after the first failure.
 o Sshd (v1.2.13, at least) will allow unlimited password attempts and does not produce logs regarding the failure(s).
 o Ssh is often allowed through otherwise restrictive filters or firewalls.

This makes ssh a bit more appealing for brute-force cracks than one might first suspect...

-JwL

--- /usr/local/src/ssh-1.2.13/sshconnect.c Sun Feb 11 14:45:19 1996 +++ sshconnect.c Thu Jul 11 00:16:27 1996 @@ -1132,6 +1132,10 @@ debug("Doing password authentication."); if (options->cipher == SSH_CIPHER_NONE) log("WARNING: Encryption is disabled! Password will be transmitted in clear text."); + +type = SSH_SMSG_FAILURE; +while( type==SSH_SMSG_FAILURE ) + { password = read_passphrase(pw->pw_uid, "Password: ", 0); packet_start(SSH_CMSG_AUTH_PASSWORD); packet_put_string(password, strlen(password)); @@ -1147,6 +1151,7 @@ packet_disconnect("Protocol error: got %d in response to passwd auth", type); } + } /* endwhile( type==SSH_SMSG_FAILURE ) */ /* All authentication methods have failed. Exit with an error message. */ fatal("Permission denied.");

--
Jacob Langseth -=-finger for PGP key-=-
Enhanced Systems, Inc. email: jacob () esisys com
6961 PeachTree Ind Blvd voice: (770) 662-1504 ext. 684
Norcross, GA 30092 fax: (770) 662-1537
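Review bot: the `while( type==SSH_SMSG_FAILURE )` loop added in the first hunk (@@ -1132) around `read_passphrase` has no upper bound, so the client keeps prompting for as long as the server answers SSH_SMSG_FAILURE. A counter with a small fixed limit in the loop condition would bound it, and the priming assignment `type = SSH_SMSG_FAILURE;` deserves a comment, since it sets a value that reads like a server reply before any packet has been received. The enclosed statements are also not re-indented under the new brace.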
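Review bot: in the second hunk (@@ -1147) the closing brace sits directly before `fatal("Permission denied.")`, and the loop it closes repeats whenever `type` is SSH_SMSG_FAILURE, so a rejected password no longer reaches that call and the comment "All authentication methods have failed" above it no longer describes the password path. Either exit the loop after a fixed number of failures so the fall-through to `fatal` is still taken, or update that comment to say when it can now be reached.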
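The second observation in the post (the daemon neither limits nor logs failed password attempts, leaving the limit to the client) points at a server-side control. The sketch below is an added example, not code from the post or from the ssh distribution: it shows a daemon-side loop that counts and logs failures per connection. `serve_password_auth`, `MAX_AUTH_FAILURES`, the peer address and the password strings are all hypothetical or constructed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_AUTH_FAILURES 3  /* assumed policy value, not taken from ssh */

enum auth_result { AUTH_OK, AUTH_LOCKED_OUT, AUTH_CLIENT_GAVE_UP };

struct auth_state {
    int failures;   /* failed password attempts on this connection */
    int log_lines;  /* log records emitted for this connection */
};
static struct auth_state demo_st;

/* Server-side loop: the daemon counts and logs failures itself, so a client
 * that keeps sending passwords is cut off whatever the client code does. */
enum auth_result serve_password_auth(struct auth_state *st, const char *peer,
        const char *const *attempts, size_t n, const char *expected)
{
    for (size_t i = 0; i < n; i++) {
        /* strcmp is a stand-in; a real daemon checks the stored hash */
        if (strcmp(attempts[i], expected) == 0)
            return AUTH_OK;
        st->failures++;
        st->log_lines++;
        fprintf(stderr, "password failure %d/%d from %s\n",
                st->failures, MAX_AUTH_FAILURES, peer);
        if (st->failures >= MAX_AUTH_FAILURES) {
            st->log_lines++;
            fprintf(stderr, "too many failures from %s, disconnecting\n", peer);
            return AUTH_LOCKED_OUT;
        }
    }
    return AUTH_CLIENT_GAVE_UP;
}

/* Constructed input: a client that never disconnects sends five passwords. */
int demo_retrying_client(void)
{
    const char *const tries[] = { "a1", "b2", "c3", "d4", "e5" };
    demo_st.failures = demo_st.log_lines = 0;
    return serve_password_auth(&demo_st, "192.0.2.10", tries, 5, "constructed-secret");
}

int main(void)
{
    int r = demo_retrying_client();
    printf("result=%d failures=%d log_lines=%d\n", r, demo_st.failures, demo_st.log_lines);
    return r == AUTH_LOCKED_OUT ? 0 : 1;
}
```

With the limit enforced by the daemon, the fourth and fifth passwords in the constructed input are never evaluated, and each rejected attempt leaves a log record.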