Security Incidents mailing list archives
Re: Weird SSH attack last night and this morning (still ongoing)
From: Valdis.Kletnieks () vt edu
Date: Thu, 15 May 2008 17:41:47 -0400
On Wed, 14 May 2008 19:05:21 EDT, Gary Baribault said:
I doubt it, that's a man in the middle attack if I understood, this is a kind of distributed brute force and as I said in a more recent post,
No, the Debian OpenSSH vuln isn't a MITM attack (although it could be used as *part* of one). The problem is that rather than trillions upon trillions of possible keys, it would only generate one of some 2^18 keys, making the brute forcing much easier (if you had a botnet of 10,000 bots, you could break a weak key with an average of only 13 probes per bot, as opposed to the several million year's worth of probes it should have taken).
Attachment:
_bin
Description:
Current thread:
- Re: Weird SSH attack last night and this morning (still ongoing), (continued)
- Message not available
- Re: Weird SSH attack last night and this morning (still ongoing) Gary Baribault (May 07)
- Re: Weird SSH attack last night and this morning (still ongoing) Bartholomew Mallio (May 07)
- Message not available
- RE: Weird SSH attack last night and this morning (still ongoing) Erin Carroll (May 07)
- Message not available
- Re: Weird SSH attack last night and this morning (still ongoing) Gary Baribault (May 07)
- Message not available
- Re: Weird SSH attack last night and this morning (still ongoing) Valdis . Kletnieks (May 07)
- Re: Weird SSH attack last night and this morning (still ongoing) Gary Baribault (May 07)
- Re: Weird SSH attack last night and this morning (still ongoing) Gary Baribault (May 14)
- Re: Weird SSH attack last night and this morning (still ongoing) Valdis . Kletnieks (May 15)
- Message not available
- Re: Weird SSH attack last night and this morning (still ongoing) Valdis . Kletnieks (May 16)
- Message not available
- Re: Weird SSH attack last night and this morning (still ongoing) Valdis . Kletnieks (May 16)