Alan Cox wrote:
On Tue, Mar 18, 2008 at 04:34:32AM -0700, Andrew Farris wrote:
Well I understand why those are a high risk, but with root at least the
attacker knows the username, normal usernames are a double blind brute force
right? I know my own system used to see many more root attempts than

No - scanning tools use email data, web data and statistical tables of common
usernames. Even a long time ago sending to usenet from
stupidname@xxxxxxxxx
resulted in dictionary attacks via ssh against anything in mybox.com with
username stupidname, including in some cases trying each word in the posting
Alan

Ok thanks, that makes sense for a larger picture I wasn't considering I guess.
I'm thinking along the lines of random attacker with a portscan on arbitrary
(desktop machine) IP ranges where one returns an ssh response, the most likely
user accounts to get attempted are root (does allow login by default) or known
service accounts (do not). No one is likely to be reviewing logs, so attempts on
root's pass could go on for days and days and this wouldn't require anything so
sophisticated as data mining. That seems like unnecessary risk to me for most
desktop users even if it's lower risk.
I understand the need for root ssh to be open prior to firstboot, I don't
understand why it would need to remain that way unless an admin wanted it to be.
--
Andrew Farris <lordmorgul@xxxxxxxxx> www.lordmorgul.net
gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF 707E A2E0 F0F6 E622 C99B 1DF3
No one now has, and no one will ever again get, the big picture. - Daniel Geer
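
Added example, not part of the original thread: a small Python log review that separates failed sshd password attempts against root, against other existing accounts, and against guessed usernames that do not exist, which are the cases the messages above compare. The log lines are constructed samples in OpenSSH's usual syslog wording; the hostnames, usernames, documentation-range addresses and the threshold of 3 are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the OpenSSH sshd syslog format (documentation IPs).
SAMPLE_LOG = """\
Mar 18 04:40:01 desktop sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar 18 04:40:03 desktop sshd[2103]: Failed password for root from 203.0.113.5 port 40120 ssh2
Mar 18 04:40:05 desktop sshd[2105]: Failed password for root from 203.0.113.5 port 40131 ssh2
Mar 18 04:41:10 desktop sshd[2110]: Failed password for invalid user stupidname from 198.51.100.7 port 51500 ssh2
Mar 18 04:41:12 desktop sshd[2112]: Failed password for invalid user admin from 198.51.100.7 port 51502 ssh2
Mar 18 04:45:00 desktop sshd[2120]: Failed password for andrew from 198.51.100.7 port 51510 ssh2
Mar 18 09:00:00 desktop sshd[2200]: Accepted password for andrew from 192.0.2.10 port 50000 ssh2
"""

# sshd marks guesses at accounts that do not exist with "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Tally failed password attempts per account class and per source address."""
    by_class = Counter()
    by_source = defaultdict(Counter)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        if m.group("invalid"):
            kind = "nonexistent"
        elif m.group("user") == "root":
            kind = "root"
        else:
            kind = "existing"
        by_class[kind] += 1
        by_source[m.group("ip")][m.group("user")] += 1
    return by_class, by_source

def root_hammerers(by_source, threshold=3):
    """Source addresses with at least `threshold` failed root logins."""
    return sorted(ip for ip, users in by_source.items() if users["root"] >= threshold)

if __name__ == "__main__":
    classes, sources = summarize(SAMPLE_LOG)
    print(dict(classes))
    for ip, users in sources.items():
        print(ip, dict(users))
    print("repeated root guessing from:", root_hammerers(sources))
```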