Honeypots mailing list archives
Re: Displaying SSH password attempts
From: Valdis.Kletnieks () vt edu
Date: Fri, 07 Jul 2006 17:09:55 -0400
On Fri, 07 Jul 2006 20:29:23 +0300, ader () ait edu gr said:
I would say that any attacker that tried to breach a system with such a poor security policy and failed, is under no circuimstances a threat for modern Network Security. I mean you left the door unlocked and a note saying you are not there... If the guy cant open the door he is incapable of harm and most probably a victim himself.
So tell me.. if you saw a flood of 62,497 totally lame ssh password probe attempts from the same set of 4 IP addresses, what are the chances that you'd be more likely to totally *fail* to notice a 4-packet zero-day from one of those 4 addresses? It's called "flying under the radar"....
Attachment:
_bin
Description:
Current thread:
- Displaying SSH password attempts Tom Doherty (Jul 05)
- Re: Displaying SSH password attempts Jeff Lake (Jul 05)
- Re: Displaying SSH password attempts Daniel Cid (Jul 05)
- <Possible follow-ups>
- Re: Displaying SSH password attempts Nikola (Jul 05)
- RE: Displaying SSH password attempts Dodge, R. LTC EECS (Jul 05)
- Re: Displaying SSH password attempts Valdis . Kletnieks (Jul 05)
- Re: Displaying SSH password attempts Harry Hoffman (Jul 05)
- Re: Displaying SSH password attempts Tom Doherty (Jul 05)
- Re: Displaying SSH password attempts Valdis . Kletnieks (Jul 05)
- Re: Displaying SSH password attempts ader (Jul 07)
- Re: Displaying SSH password attempts Valdis . Kletnieks (Jul 07)
- Re: Displaying SSH password attempts ader (Jul 11)