Date: Fri, 11 Dec 2009 15:00:23 +0100
From: "Svein Skogen (Listmail Account)" <svein-listmail@stillbilde.net>
To: Dag-Erling Smørgrav <des@des.no>
Cc: Anton Shterenlikht <mexas@bristol.ac.uk>, freebsd-current@freebsd.org, $witch <a.spinella@rfc1925.net>, freebsd-questions@freebsd.org
Subject: Re: Root exploit for FreeBSD
Message-ID: <4B225077.3040009@stillbilde.net>
In-Reply-To: <86tyvxlk68.fsf@ds4.des.no>
References: <20091210144141.GB834@mech-cluster241.men.bris.ac.uk> <op.u4rt7sclqr96hw@zeta> <86tyvxlk68.fsf@ds4.des.no>

Dag-Erling Smørgrav wrote:
> $witch <a.spinella@rfc1925.net> writes:
>> but I look in syslogs of some FreeBSD internet server and there is a
>> great evidence that some "botnets" are (again) trying simple
>> combination of uid/pwd.
>>
>> starting from Dec 8 01:00:34 (CET) hundreds of zombies are looking
>> for a valid username.
>
> Starting from Dec 8? This has been going on for years, and it is not
> targeted at FreeBSD; they attack anything that runs an SSH server. Of
> course, on current OpenSSH versions, it will get them nowhere, because
> there is no partial confirmation, so they have to guess at the user
> *and* the password, instead of first searching for an existing user and
> *then* guessing at the password.
>
> (on certain OSes - but not FreeBSD - running certain older OpenSSH
> versions, you could figure out if the user existed, even if you didn't
> have the right password)

The easiest way of brute-forcing access to a FreeBSD server includes
locating the sysadmin and applying the common desk drawer. It's that simple.
//Svein
- --
- --------+-------------------+-------------------------------
/"\ |Svein Skogen | svein@d80.iso100.no
\ / |Solberg Østli 9 | PGP Key: 0xE5E76831
X |2020 Skedsmokorset | svein@jernhuset.no
/ \ |Norway | PGP Key: 0xCE96CE13
| | svein@stillbilde.net
ascii | | PGP Key: 0x58CD33B6
ribbon |System Admin | svein-listmail@stillbilde.net
Campaign|stillbilde.net | PGP Key: 0x22D494A4
+-------------------+-------------------------------
|msn messenger: | Mobile Phone: +47 907 03 575
|svein@jernhuset.no | RIPE handle: SS16503-RIPE
- --------+-------------------+-------------------------------
If you really are in a hurry, mail me at
svein-mobile@stillbilde.net
This mailbox goes directly to my cellphone and is checked
even when I'm not in front of my computer.
- ------------------------------------------------------------
Picture Gallery:
https://gallery.stillbilde.net/v/svein/
- ------------------------------------------------------------
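Added example, not part of the original message or of any FreeBSD or OpenSSH code: a small Python summary of the username guessing described in the quoted text, run over sshd syslog lines. The log lines, host name, user names and addresses are constructed samples, and the function names are hypothetical; the server-side log shows whether a guessed account exists even though the client gets no such confirmation.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual sshd syslog format (not from the original post).
SAMPLE_LOG = """\
Dec  8 01:00:34 srv sshd[4101]: Invalid user admin from 192.0.2.10
Dec  8 01:00:36 srv sshd[4101]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Dec  8 01:00:41 srv sshd[4107]: Invalid user oracle from 198.51.100.23
Dec  8 01:00:49 srv sshd[4112]: Invalid user test from 203.0.113.5 port 51200
Dec  8 01:01:02 srv sshd[4120]: Failed password for root from 203.0.113.5 port 51344 ssh2
Dec  8 01:01:15 srv sshd[4131]: Invalid user oracle from 192.0.2.77
Dec  8 01:02:00 srv sshd[4140]: Accepted publickey for alice from 192.0.2.200 port 50022 ssh2
"""

INVALID = re.compile(r"sshd\[\d+\]: Invalid user (\S*) from (\S+)")
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+)")

def summarize(log_text):
    """Return (per-source stats, guessed username -> set of source addresses)."""
    sources = defaultdict(lambda: {"unknown_users": set(), "real_user_failures": 0})
    by_user = defaultdict(set)
    for line in log_text.splitlines():
        m = INVALID.search(line)
        if m:
            user, ip = m.groups()
            sources[ip]["unknown_users"].add(user)
            by_user[user].add(ip)
            continue
        m = FAILED.search(line)
        # "invalid user" failures are already counted via the Invalid user line;
        # what remains are wrong passwords against accounts that do exist.
        if m and not m.group(1):
            sources[m.group(3)]["real_user_failures"] += 1
    return dict(sources), dict(by_user)

def distributed_guesses(by_user, min_sources=2):
    """Usernames probed from several addresses: visible in aggregate, not per IP."""
    return sorted(u for u, ips in by_user.items() if len(ips) >= min_sources)

if __name__ == "__main__":
    sources, by_user = summarize(SAMPLE_LOG)
    for ip, stats in sorted(sources.items()):
        print(ip, sorted(stats["unknown_users"]), stats["real_user_failures"])
    print("probed from multiple sources:", distributed_guesses(by_user))
```
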
