What's the strategy for bad guys guessing a few ssh passwords?
Ken D'Ambrosio
ken at jots.org
Sun Jun 11 10:48:23 EDT 2017
"What's the point?" C'mon, Ted. You know better than that. The point is people with weak passwords. Remember the Dyn DDoS? That was brought on entirely by devices with default passwords. As is a RasPi attack I read about on Slashdot just this AM. Say 90% of servers/devices follow good security practices -- that still leaves 10% that are susceptible. I imagine even a 1% return would still get you a pretty sweet botnet. So, in my estimation at least, that is the point.
$.02,
-Ken
On June 11, 2017 10:17:35 AM EDT, Ted Roche <tedroche at gmail.com> wrote:
>For 36 hours now, one of my clients' servers has been logging ssh
>login attempts from around the world, low volume, persistent, but more
>frequent than usual. sshd is listening on a non-standard port, just to
>minimize the garbage in the logs.
>
>A couple of attempts is normal; we've seen that for years. But this is
>several each hour, and each hour an IP from a different country:
>Belgium, Korea, Switzerland, Bangladesh, France, China, Germany,
>Dallas, Greece. Usernames vary: root, mythtv, rheal, etc.
>
>There are several levels of defense in use: firewalls, intrusion
>detection, log monitoring, etc., so each script gets a few guesses and
>the IP is then rejected.
>
>In theory, the defenses should be sufficient, but I have a concern
>that I'm missing their strategy here. It's not a DDOS, they are very
>low volume. It will take them several millennia to guess enough
>dictionary attack guesses to get through, so what's the point?
>
>--
>Ted Roche
>Ted Roche & Associates, LLC
>http://www.tedroche.com
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
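
The pattern described in the quoted message (a few guesses per address, a different address each hour) stays under per-IP ban thresholds, so it shows up only when failures are counted across sources. The following is an added example, not part of the original thread: the function names, thresholds and log lines are assumptions constructed for illustration, and the log format assumed is the usual OpenSSH "Failed password" syslog line.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd lines (documentation IP ranges; not from the thread).
SAMPLE_LOG = """\
Jun 10 01:02:11 host sshd[811]: Failed password for root from 192.0.2.10 port 40022 ssh2
Jun 10 01:02:15 host sshd[811]: Failed password for root from 192.0.2.10 port 40030 ssh2
Jun 10 01:40:03 host sshd[840]: Failed password for invalid user mythtv from 198.51.100.7 port 51200 ssh2
Jun 10 02:05:44 host sshd[902]: Failed password for invalid user rheal from 203.0.113.77 port 33812 ssh2
Jun 10 02:06:01 host sshd[902]: Failed password for root from 203.0.113.77 port 33820 ssh2
Jun 10 03:15:29 host sshd[951]: Failed password for root from 198.51.100.200 port 42100 ssh2
Jun 10 03:59:59 host sshd[977]: Accepted publickey for ted from 192.0.2.50 port 50000 ssh2
Jun 10 04:20:10 host sshd[990]: Failed password for invalid user admin from 203.0.113.9 port 39000 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse_failures(text, year=2017):
    """Yield (timestamp, user, ip) per failed-password line; syslog omits the year."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def distributed_guessing(events, window=timedelta(hours=6),
                         per_ip_limit=3, min_sources=4):
    """Flag windows where many sources each stay below an assumed per-IP ban limit."""
    epoch = datetime(1970, 1, 1)
    per_ip = defaultdict(lambda: defaultdict(int))  # window -> ip -> failures
    users = defaultdict(set)                        # window -> usernames tried
    for ts, user, ip in events:
        idx = (ts - epoch) // window                # fixed, timezone-free buckets
        per_ip[idx][ip] += 1
        users[idx].add(user)
    findings = []
    for idx in sorted(per_ip):
        # Sources that a per-IP rule would never have banned in this window.
        quiet = {ip: n for ip, n in per_ip[idx].items() if n < per_ip_limit}
        if len(quiet) >= min_sources:
            findings.append({"window_start": epoch + idx * window,
                             "sources": len(quiet),
                             "attempts": sum(quiet.values()),
                             "usernames": sorted(users[idx])})
    return findings

if __name__ == "__main__": print(distributed_guessing(parse_failures(SAMPLE_LOG)))
```

A window flagged here is a reason to check that no account accepts password logins with a default or weak password, since per-address blocking alone will not slow this pattern.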