Date:      Wed, 06 Apr 2005 11:56:29 -0400
From:      Mike Tancsa <mike@sentex.net>
To:        Martin McCormick <martin@dc.cis.okstate.edu>, freebsd-security@freebsd.org
Subject:   Re: What is this Very Stupid DOS Attack Script?
Message-ID:  <6.2.1.2.0.20050406114850.04d0b538@64.7.153.2>
In-Reply-To: <200504061549.j36Fn8Y5082507@dc.cis.okstate.edu>
References:  <200504061549.j36Fn8Y5082507@dc.cis.okstate.edu>

At 11:49 AM 06/04/2005, Martin McCormick wrote:
>         We have been noticing flurries of sshd reject messages in
>which some system out there in the hinterlands hits us with a flood of
>ssh login attempts.  An example:
>
>Apr  6 05:41:51 dc sshd[88763]: Did not receive identification
>         string from 67.19.58.170
>Apr  6 05:49:42 dc sshd[12389]: input_userauth_request: illegal
>         user anonymous
>         Other than spewing lots of entries into syslog, what is the
>purpose of the attack?  Are they just hoping to luck into an open
>account?  The odds of guessing the right account name and then guessing
>the correct password are astronomical to say the least.


Actually, sadly, the odds are far too good given the cost to run such a
script.  Unless you force users to use GOOD passwords, they will use dumb
ones... Think Paris Hilton recently.  The cost to let a script like that
go in the background and pound away at hosts that have open ssh access is
zilch. If you have ftpd running anywhere, you will see similar attempts.

         ---Mike 
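
Added example, not part of the original message: a small log summarizer that separates the kind of scripted guessing discussed in this thread from a single user mistyping a password, by counting distinct account names tried per source address. The sample lines are constructed (documentation addresses), and the "Failed password for illegal user ... from ... port ... ssh2" format and the `min_users` threshold are assumptions about the sshd in use.

```python
import re
from collections import defaultdict

# Constructed sample lines in the sshd syslog style of the era quoted above;
# on a real host the text would be read from the auth log instead.
SAMPLE_LOG = """\
Apr  6 05:41:51 dc sshd[88763]: Did not receive identification string from 192.0.2.10
Apr  6 05:49:42 dc sshd[12389]: Failed password for illegal user anonymous from 192.0.2.10 port 40112 ssh2
Apr  6 05:49:44 dc sshd[12391]: Failed password for illegal user test from 192.0.2.10 port 40115 ssh2
Apr  6 05:49:46 dc sshd[12393]: Failed password for root from 192.0.2.10 port 40119 ssh2
Apr  6 05:49:48 dc sshd[12395]: Failed password for illegal user guest from 192.0.2.10 port 40121 ssh2
Apr  6 06:02:10 dc sshd[12501]: Failed password for martin from 198.51.100.7 port 51512 ssh2
Apr  6 06:02:21 dc sshd[12501]: Accepted password for martin from 198.51.100.7 port 51512 ssh2
"""

# The username is text supplied by the remote side, so the address is taken
# from the fixed trailing fields (anchored at end of line), not the first "from".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?(.*)"
    r" from (\S+) port \d+(?: ssh2)?\s*$"
)
PROBE = re.compile(r"sshd\[\d+\]: Did not receive identification string from (\S+)")


def summarize(log_text, min_users=3):
    """Return per-source stats for sources that tried >= min_users distinct names."""
    stats = defaultdict(lambda: {"failures": 0, "probes": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            stats[ip]["failures"] += 1
            stats[ip]["users"].add(user)
            continue
        m = PROBE.search(line)
        if m:
            stats[m.group(1)]["probes"] += 1
    return {ip: s for ip, s in stats.items() if len(s["users"]) >= min_users}


if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG).items():
        print(f"{ip}: {s['failures']} failed logins, {s['probes']} probes, "
              f"names tried: {', '.join(sorted(s['users']))}")
```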


