Educause Security Discussion mailing list archives

Re: Passwords & Passphrases


From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Tue, 20 Nov 2007 11:51:24 -0600

Consider also that trojaned SSH clients and servers which record username/host/password tuples have been seen in the wild since the late 1990s.

    -jml

Mike Porter <mike () UDEL EDU> 2007-11-20 08:42 >>>
On Mon, 19 Nov 2007, Mike Iglesias wrote:

Bob Bayn wrote:
What finally prompted us to get off our "any 4 or more characters"
butts was dictionary attacks that were hitting our proxy server
and VPN server from Chinese IP addresses.  Once past our firewall
through proxy or VPN they are able to snoop our network from inside
probing machines undetected, and do unappreciated things like
download subscription databases from the library until the provider
got suspicious of the traffic.

We see some of this too, but I'm pretty sure most of the logins from China are
using passwords captured by keyloggers, not password guessing.  There's no
pattern of repeated login attempts to the accounts used - they just log in,
log out, and move on to the next account/password.

We've been seeing this too.  One possible way the passwords are
being captured is people running unencrypted protocols over their
cable modem from home.

In our case, the connections are usually from an outfit using an
Israel-based network provider.

Mike
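
The two patterns contrasted in this thread, dictionary guessing versus logins with already-captured passwords ("they just log in, log out, and move on to the next account/password"), can be told apart in authentication logs. The sketch below is an added example, not part of the original messages; the event format, thresholds and sample data are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (epoch_seconds, source_ip, account, outcome).
# IPs are documentation-range addresses; nothing here comes from the thread.
SAMPLE_EVENTS = [
    # Dictionary guessing: many failures from one source
    *[(1000 + i, "198.51.100.7", "alice", "fail") for i in range(6)],
    # Captured passwords: first-try success on several accounts, then move on
    (2000, "203.0.113.20", "bob", "ok"),
    (2060, "203.0.113.20", "carol", "ok"),
    (2120, "203.0.113.20", "dave", "ok"),
    # Ordinary user: one typo, then a successful login
    (3000, "192.0.2.55", "erin", "fail"),
    (3010, "192.0.2.55", "erin", "ok"),
]


def classify_sources(events, min_accounts=3, min_failures=5):
    """Label each source IP as 'guessing', 'stolen-credentials' or 'normal'.

    min_accounts and min_failures are illustrative thresholds (assumptions).
    """
    failures = defaultdict(int)        # ip -> failed attempts
    failed_pairs = set()               # (ip, account) that failed at least once
    clean_accounts = defaultdict(set)  # ip -> accounts that succeeded with no prior failure
    for _ts, ip, user, outcome in sorted(events):
        if outcome == "fail":
            failures[ip] += 1
            failed_pairs.add((ip, user))
        elif outcome == "ok" and (ip, user) not in failed_pairs:
            clean_accounts[ip].add(user)

    labels = {}
    for ip in set(failures) | set(clean_accounts):
        if failures[ip] >= min_failures:
            labels[ip] = "guessing"
        elif len(clean_accounts[ip]) >= min_accounts:
            labels[ip] = "stolen-credentials"
        else:
            labels[ip] = "normal"
    return labels


if __name__ == "__main__":
    for ip, label in sorted(classify_sources(SAMPLE_EVENTS).items()):
        print(f"{ip:15} {label}")
```

A campus NAT gateway or web proxy also produces many clean first-try logins from one address, so known internal egress addresses need to be excluded before acting on the "stolen-credentials" label.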
