Date: Fri, 11 Dec 2009 15:00:23 +0100 From: "Svein Skogen (Listmail Account)" <svein-listmail@stillbilde.net> To: =?UTF-8?B?RGFnLUVybGluZyBTbcO4cmdyYXY=?= <des@des.no> Cc: Anton Shterenlikht <mexas@bristol.ac.uk>, freebsd-current@freebsd.org, $witch <a.spinella@rfc1925.net>, freebsd-questions@freebsd.org Subject: Re: Root exploit for FreeBSD Message-ID: <4B225077.3040009@stillbilde.net> In-Reply-To: <86tyvxlk68.fsf@ds4.des.no> References: <20091210144141.GB834@mech-cluster241.men.bris.ac.uk> <op.u4rt7sclqr96hw@zeta> <86tyvxlk68.fsf@ds4.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dag-Erling Smørgrav wrote: > $witch <a.spinella@rfc1925.net> writes: >> but i look in syslogs of some FreeBSD internet server and there is a >> great evidence that some "botnets" are (again) tryng simple >> combination of uid/pwd. >> >> starting from Dec 8 01:00:34 (CET) hundreds of zombies are looking >> for a valid username. > > Starting from Dec 8? This has been going on for years, and it is not > targeted at FreeBSD; they attack anything that runs an SSH server. Of > course, on current OpenSSH versions, it will get them nowhere, because > there is no partial confirmation, so they have to guess at the user > *and* the password, instead of first searching for an existing user and > *then* guessing at the password. > > (on certain OSes - but not FreeBSD - running certain older OpenSSH > versions, you could figure out if the user existed, even if you didn't > have thee right password) The easiest way of brute-forcing access to a FreeBSD server includes locating the sysadmin and applying the common desk drawer. It's that simple. //Svein - -- - --------+-------------------+------------------------------- /"\ |Svein Skogen | svein@d80.iso100.no \ / |Solberg Østli 9 | PGP Key: 0xE5E76831 X |2020 Skedsmokorset | svein@jernhuset.no / \ |Norway | PGP Key: 0xCE96CE13 | | svein@stillbilde.net ascii | | PGP Key: 0x58CD33B6 ribbon |System Admin | svein-listmail@stillbilde.net Campaign|stillbilde.net | PGP Key: 0x22D494A4 +-------------------+------------------------------- |msn messenger: | Mobile Phone: +47 907 03 575 |svein@jernhuset.no | RIPE handle: SS16503-RIPE - --------+-------------------+------------------------------- If you really are in a hurry, mail me at svein-mobile@stillbilde.net This mailbox goes directly to my cellphone and is checked even when I'm not in front of my computer. - ------------------------------------------------------------ Picture Gallery: https://gallery.stillbilde.net/v/svein/ - ------------------------------------------------------------ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksiUHcACgkQODUnwSLUlKT/MwCfdWQsuwr8EIOkJOJsrXFTmTAY KroAn0pGiF4vbGgcfQqp6IwVULGqYcQk =7Qj5 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B225077.3040009>