Full Disclosure mailing list archives
Re: Automated ssh scanning
From: Tig <tigger () onemoremonkey com>
Date: Fri, 27 Aug 2004 00:28:24 +1000
On Thu, 26 Aug 2004 09:08:15 -0500 (CDT) Ron DuFresne <dufresne () winternet com> wrote:
the real thing this user most likely suffered from was the weak account passwd double, guest:guest. Now, if the admin and other account were setup with strong passwd's and this account was either setup with a strong passwd or not setup at all might be a better test of the stability of ssh and the debain setup in question. Thanks, Ron DuFresne
I think some people are not really reading or understanding what is going on. The box was a default install with one or two weak passwords for _user_ accounts and a _strong_ password for the root. Withing a short while, the root account was compromised, after the weak user account was broken. I suggest people re-read what Richard Verwayen has been saying (in German English, but still very readable :]) Basically, if you have a weak password on a user account, your root account on a Debain box is screwed, other *nix distros maybe as well. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Automated ssh scanning Richard Verwayen (Aug 25)
- Re: Automated ssh scanning Gerry Eisenhaur (Aug 25)
- Re: Automated ssh scanning Tig (Aug 26)
- Re: Automated ssh scanning Ron DuFresne (Aug 26)
- Re: Automated ssh scanning Tig (Aug 26)
- Re: Automated ssh scanning Tremaine (Aug 26)
- Re: Automated ssh scanning Gerry Eisenhaur (Aug 26)
- Re: Automated ssh scanning Tig (Aug 26)
- Re: Automated ssh scanning Gerry Eisenhaur (Aug 25)
- Re: Automated ssh scanning VeNoMouS (Aug 25)
- Re: Automated ssh scanning VeNoMouS (Aug 25)
- Re: Automated ssh scanning Henrik Persson (Aug 25)
- Re: Automated ssh scanning Richard Verwayen (Aug 26)
- Re: Automated ssh scanning Henrik Persson (Aug 26)
- Re: Automated ssh scanning Richard Verwayen (Aug 26)
- Re: Automated ssh scanning VeNoMouS (Aug 25)
- Re: Automated ssh scanning David Vincent (Aug 25)
- Re: Automated ssh scanning Richard Verwayen (Aug 26)