Educause Security Discussion mailing list archives
Re: SSH dictionary attack dictionary
From: John Kristoff <jtk () DEPAUL EDU>
Date: Tue, 11 Aug 2009 10:48:01 -0500
On Mon, Aug 10, 2009 at 03:57:49PM -0700, Andrew Daviel wrote:
Ever wondered what passwords those annoying SSH dictionary attacks were trying ? At some point I modified sshd to collect failed passwords. In 2006 I saw some 200 attempts against root and basically 1 each against a "baby's first name" list with username=password.
Hi Andre. I've been involved in a project that has been doing this too (among other things). I've seen brute force attempts from a single host lasting more than a day and many of the passwords have not been dictionary words. I hope people pay attention to this, because it really does elevate the benefit of avoiding passwords (I use keys myself, but I know its not always easy for the average user).
Recently I saw some 600 against root, and a dozen each against other common accounts like "sales", "helpdesk" etc.
Only 600? :-) FYI you may be interested in this: <http://sock-raw.org/papers/openssh_library> John
Current thread:
- SSH dictionary attack dictionary Andrew Daviel (Aug 10)
- <Possible follow-ups>
- Re: SSH dictionary attack dictionary Patrick P Murphy (Aug 10)
- Re: SSH dictionary attack dictionary Brad Edmondson (Aug 10)
- Re: SSH dictionary attack dictionary Patrick P Murphy (Aug 11)
- Re: SSH dictionary attack dictionary John Kristoff (Aug 11)
- Re: SSH dictionary attack dictionary Bob Bayn (Aug 11)
- Re: SSH dictionary attack dictionary Chris Schenk (Aug 11)
- Re: SSH dictionary attack dictionary Louis Anthony Arminio (Aug 11)
- Re: SSH dictionary attack dictionary Di Fabio, Andrea (Aug 11)
- Re: SSH dictionary attack dictionary Bruce Curtis (Aug 11)
- Re: SSH dictionary attack dictionary Plesco, Todd (Aug 11)
- Re: SSH dictionary attack dictionary Andrew Daviel (Aug 11)