Security Basics mailing list archives

Re: help:tool to bruteforce ssh connections

From: kevin fielder <kevin.fielder () gmail com>
Date: Wed, 20 May 2009 13:20:40 +0100

Hi

I think quite a few tools and the rationale as to why they work have
been covered already, but I thought this story may be of interest:

http://www.scmagazineuk.com/Flaw-found-in-SSH-that-might-allow-encrypted-data-to-be-accessed/article/136498/

Slightly off topic, but if developed further this could lead to a
whole new attack vector for SSH rather than just using brute force
tools, well until it was fixed and everyone patched their systems of
course! :)

Cheers

Kevin


-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of v3nd3rs5uck
Sent: 11 May 2009 19:13
To: cy10 () no-email com; Gregory Boyce
Cc: security-basics () securityfocus com
Subject: Re: help:tool to bruteforce ssh connections


There are many issues that still today are unresolved. It does amaze
the mind though.

--- On Mon, 5/11/09, Gregory Boyce <gregory.boyce () gmail com> wrote:

From: Gregory Boyce <gregory.boyce () gmail com>
Subject: Re: help:tool to bruteforce ssh connections
To: "cy10 () no-email com" <cy10 () no-email com>
Cc: "security-basics () securityfocus com"
<security-basics () securityfocus com>
Date: Monday, May 11, 2009, 7:04 AM
I used to investigate and report
those sorts of attacks.  In just about every instance the attacking
system was one that had fallen to the exact same attack.

The fact you see attacks is proof they still work.

On May 7, 2009, at 5:12 PM, cy10 () no-email com
wrote:

I'd have to ask how effective this is as well. My

firewall alerts me every time some kid runs a bf on my ssh door. I say
kid, becuase if it's not root (does ANYONE still allow ssh to root???)
or some ridiculous username; admin, sales, etc.


I used to get 50-100 such alerts from my firewall

everyday. After blocking entire countries (only four so far, use your
imagination) that number has dropped to like less than a half dozen.


Kind of hard to believe there are still people out

there not securing SSH. Sigh...


/rant

----------------------------------------------------------------------
--

This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot

Camp in both Instructor-Led and Online formats is the most
concentrated exam prep available. Comprehensive course materials and
an expert instructor means you pass the exam.
Gain a laser like insight into what is covered on the exam, with zero
fluff!


http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html

----------------------------------------------------------------------
--


----------------------------------------------------------------------
-- This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both
Instructor-Led and Online formats is the most concentrated exam prep
available. Comprehensive course materials and an expert instructor
means you pass the exam.
Gain a laser like insight into what is covered on the exam, with zero
fluff!
http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
----------------------------------------------------------------------
--





------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both
Instructor-Led and Online formats is the most concentrated exam prep
available. Comprehensive course materials and an expert instructor
means you pass the exam. Gain a laser like insight into what is
covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain 
a laser like insight into what is covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------

Current thread:

Re: help:tool to bruteforce ssh connections, (continued)
- Re: help:tool to bruteforce ssh connections Nikhil Wagholikar (May 06)
- Re: help:tool to bruteforce ssh connections Aarón Mizrachi (May 06)
  - Re: help:tool to bruteforce ssh connections Ell0 (May 07)
    - Re: help:tool to bruteforce ssh connections Mike Acker (May 07)
  - Re: help:tool to bruteforce ssh connections Andy Harley (May 07)
    - Re: help:tool to bruteforce ssh connections Aarón Mizrachi (May 07)
    - Re: help:tool to bruteforce ssh connections Mike Acker (May 08)
- Re: Re: help:tool to bruteforce ssh connections cy10 (May 08)
  - Re: help:tool to bruteforce ssh connections Gregory Boyce (May 11)
- Re: help:tool to bruteforce ssh connections v3nd3rs5uck (May 11)
  - Message not available
    - Message not available
    - Re: help:tool to bruteforce ssh connections kevin fielder (May 20)