Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 11 Dec 2009 15:00:23 +0100
From:      "Svein Skogen (Listmail Account)" <svein-listmail@stillbilde.net>
To:        =?UTF-8?B?RGFnLUVybGluZyBTbcO4cmdyYXY=?= <des@des.no>
Cc:        Anton Shterenlikht <mexas@bristol.ac.uk>, freebsd-current@freebsd.org, $witch <a.spinella@rfc1925.net>, freebsd-questions@freebsd.org
Subject:   Re: Root exploit for FreeBSD
Message-ID:  <4B225077.3040009@stillbilde.net>
In-Reply-To: <86tyvxlk68.fsf@ds4.des.no>
References:  <20091210144141.GB834@mech-cluster241.men.bris.ac.uk>	<op.u4rt7sclqr96hw@zeta> <86tyvxlk68.fsf@ds4.des.no>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dag-Erling Smørgrav wrote:
> $witch <a.spinella@rfc1925.net> writes:
>> but i look in syslogs of some FreeBSD internet server and there is a
>> great evidence that some "botnets" are (again) tryng simple
>> combination of  uid/pwd.
>>
>> starting from Dec  8 01:00:34 (CET) hundreds of zombies are looking
>> for a valid username.
> 
> Starting from Dec 8?  This has been going on for years, and it is not
> targeted at FreeBSD; they attack anything that runs an SSH server.  Of
> course, on current OpenSSH versions, it will get them nowhere, because
> there is no partial confirmation, so they have to guess at the user
> *and* the password, instead of first searching for an existing user and
> *then* guessing at the password.
> 
> (on certain OSes - but not FreeBSD - running certain older OpenSSH
> versions, you could figure out if the user existed, even if you didn't
> have thee right password)

The easiest way of brute-forcing access to a FreeBSD server includes
locating the sysadmin and applying the common desk drawer. It's that simple.

//Svein

- --
- --------+-------------------+-------------------------------
  /"\   |Svein Skogen       | svein@d80.iso100.no
  \ /   |Solberg Østli 9    | PGP Key:  0xE5E76831
   X    |2020 Skedsmokorset | svein@jernhuset.no
  / \   |Norway             | PGP Key:  0xCE96CE13
        |                   | svein@stillbilde.net
 ascii  |                   | PGP Key:  0x58CD33B6
 ribbon |System Admin       | svein-listmail@stillbilde.net
Campaign|stillbilde.net     | PGP Key:  0x22D494A4
        +-------------------+-------------------------------
        |msn messenger:     | Mobile Phone: +47 907 03 575
        |svein@jernhuset.no | RIPE handle:    SS16503-RIPE
- --------+-------------------+-------------------------------
         If you really are in a hurry, mail me at
               svein-mobile@stillbilde.net
 This mailbox goes directly to my cellphone and is checked
        even when I'm not in front of my computer.
- ------------------------------------------------------------
                     Picture Gallery:
          https://gallery.stillbilde.net/v/svein/
- ------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAksiUHcACgkQODUnwSLUlKT/MwCfdWQsuwr8EIOkJOJsrXFTmTAY
KroAn0pGiF4vbGgcfQqp6IwVULGqYcQk
=7Qj5
-----END PGP SIGNATURE-----



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?4B225077.3040009>