Educause Security Discussion mailing list archives
Re: Passwords & Passphrases
From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Tue, 20 Nov 2007 11:51:24 -0600
Consider also that trojaned SSH clients and servers which record username/host/password tuples have been seen in the wild since the late 1990s.

-jml

Mike Porter <mike () UDEL EDU> 2007-11-20 08:42 >>>
On Mon, 19 Nov 2007, Mike Iglesias wrote:

> Bob Bayn wrote:
>
> > What finally prompted us to get off our "any 4 or more characters" butts was dictionary attacks that were hitting our proxy server and VPN server from Chinese IP addresses. Once past our firewall through proxy or VPN they are able to snoop our network from inside probing machines undetected, and do unappreciated things like download subscription databases from the library until the provider got suspicious of the traffic.
>
> We see some of this too, but I'm pretty sure most of the logins from China are using passwords captured by keyloggers, not password guessing. There's no pattern of repeated login attempts to the accounts used - they just log in, log out, and move on to the next account/password.

We've been seeing this too. One possible way the passwords are being captured is people running unencrypted protocols over their cable modem from home. In our case, the connections are usually from an outfit using an Israel-based network provider.

Mike
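The thread distinguishes two login patterns: dictionary attacks with repeated attempts, and captured passwords used once per account with no failures. As an added example (not part of any poster's message), this sketch separates the two in authentication logs; the log format, IP addresses, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (not from the thread): time, source IP, account, result.
# 203.0.113.7 guesses repeatedly; 198.51.100.9 logs in once per account and moves on.
SAMPLE_LOG = """\
2007-11-19T02:00:01 203.0.113.7 asmith FAIL
2007-11-19T02:00:03 203.0.113.7 asmith FAIL
2007-11-19T02:00:05 203.0.113.7 asmith FAIL
2007-11-19T02:00:07 203.0.113.7 asmith FAIL
2007-11-19T02:00:09 203.0.113.7 asmith OK
2007-11-19T03:10:00 198.51.100.9 bjones OK
2007-11-19T03:11:30 198.51.100.9 cwu OK
2007-11-19T03:13:05 198.51.100.9 dlee OK
2007-11-19T08:30:00 192.0.2.44 elopez FAIL
2007-11-19T08:30:20 192.0.2.44 elopez OK
"""

def parse(log_text):
    """Yield (source_ip, account, succeeded) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
            yield parts[1], parts[2], parts[3] == "OK"

def classify_sources(log_text, guess_threshold=4, account_threshold=3):
    """Label each source IP; thresholds are illustrative assumptions."""
    failures = defaultdict(lambda: defaultdict(int))  # ip -> account -> fail count
    successes = defaultdict(set)                      # ip -> accounts logged in
    for ip, account, ok in parse(log_text):
        if ok:
            successes[ip].add(account)
        else:
            failures[ip][account] += 1
    verdicts = {}
    for ip in set(failures) | set(successes):
        # Accounts entered successfully with no failed attempt from this source.
        clean = {a for a in successes[ip] if failures[ip][a] == 0}
        if any(n >= guess_threshold for n in failures[ip].values()):
            verdicts[ip] = "guessing"  # repeated failures on one account
        elif len(clean) >= account_threshold:
            verdicts[ip] = "captured-credentials"  # log in, log out, move on
        else:
            verdicts[ip] = "unremarkable"  # e.g. a user mistyping once
    return verdicts

if __name__ == "__main__":
    for ip, verdict in sorted(classify_sources(SAMPLE_LOG).items()):
        print(ip, verdict)
```

A failure-count lockout alone never fires on the second pattern, which is why the distinct-account count per source is tracked separately.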