[lug] Attacks Intensifying

Matt Thompson thompsma at colorado.edu
Thu Oct 28 12:27:09 MDT 2004


On Thu, 2004-10-28 at 11:05, Bill Thoen wrote:
> On Thu, 28 Oct 2004, Matt Thompson wrote:
> 
> > Well, the older root specific version was like this:
> > 
> > http://www.k-otik.com/exploits/08202004.brutessh2.c.php
> 
> Interesting... Looks like they aren't even looking at mixed-case ones, and 
> few (if any) over 8 characters.
> 
> Do people really use passwords for root that are as simple 
> as these? Even the "clever" ones are sort of stupid. (e.g. q1w2e3, a 
> keyboard pattern, and ib6ub9, a sounds-like-real-words etc.) Maybe P.T. 
> Barnum was right when he said, "You won't go broke underestimating the 
> intelligence of the public."
> 
> > So, you could take that as a baseline.  By now I'm sure some kiddie has
> > expanded the dictionary.  I'm guessing there isn't a john-like
> > number/capital type search since I've only ever gotten around 2000 or so
> > attempts a day at its peak.  A john-type attack should generate a lot
> > more.
> 
> What's a john-like attack?

Well, I just mean how john (the ripper) applies some of those mangling
rules to its wordlist.  Things like pluralizing, ing-ing, appending
digits, shift left/right on keyboard, etc.

In fact, john once cracked one of my passwords pretty easily.  It was at
that point I decided it was time to make my passwords more complex.  Of
course, these 10-15 near-linenoise passwords are so fun to remember.

Matt
-- 
Learning just means you were wrong and they were right. - Aram
   Matt Thompson -- http://ucsub.colorado.edu/~thompsma/
   440 UCB, Boulder, CO  80309-0440
   JILA A510, 303-492-4662
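As an added illustration of the "john-like" mangling rules described in the message above (this is example code written for this page, not something posted in the thread and not John the Ripper's own rule engine): a toy rule set that pluralizes, adds "-ing", appends one or two digits, and shifts each key one position left or right on a US-QWERTY row, applied to a constructed four-word dictionary. The wordlist, the keyboard map and the rule names are all simplifications assumed here; real john rules are richer and use their own rule syntax.

```python
# Added example (not from the thread): a toy reimplementation of the kind of
# wordlist "mangling" rules the message attributes to John the Ripper.
# The rule set, the keyboard map and WORDLIST are simplified/constructed here;
# real john rules are richer and use their own rule syntax.
from typing import Dict, Iterator, List, Optional, Tuple

# Constructed four-word dictionary, a stand-in for a real wordlist.
WORDLIST: List[str] = ["password", "secret", "dragon", "letmein"]

# US-QWERTY rows used for the "shift left/right on keyboard" rules.
_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
_RIGHT: Dict[str, str] = {}
_LEFT: Dict[str, str] = {}
for _row in _ROWS:
    for _i, _ch in enumerate(_row):
        if _i + 1 < len(_row):
            _RIGHT[_ch] = _row[_i + 1]
        if _i > 0:
            _LEFT[_ch] = _row[_i - 1]


def keyboard_shift(word: str, table: Dict[str, str]) -> str:
    """Replace each key by its row neighbour; keys at a row edge are kept."""
    return "".join(table.get(c, c) for c in word)


def pluralize(word: str) -> str:
    """Naive English plural: +es after s/x/sh/ch, otherwise +s."""
    if word.lower().endswith(("s", "x", "sh", "ch")):
        return word + "es"
    return word + "s"


def ing(word: str) -> str:
    """Naive '-ing' form: drop a trailing 'e' before appending."""
    if word.lower().endswith("e"):
        return word[:-1] + "ing"
    return word + "ing"


def mangle(word: str) -> Iterator[Tuple[str, str]]:
    """Yield (rule, candidate) pairs for one base word under the toy rule set."""
    base = word.lower()
    forms = {"lower": base, "capital": base.capitalize(), "upper": base.upper()}
    for name, form in forms.items():
        yield name, form
        yield name + "+plural", pluralize(form)
        yield name + "+ing", ing(form)
        for d in range(10):              # append one digit: 0..9
            yield name + "+digits", form + str(d)
        for d in range(100):             # append two digits: 00..99
            yield name + "+digits", form + f"{d:02d}"
    # Keyboard-neighbour variants are generated from the lowercase form only.
    yield "shift_left", keyboard_shift(base, _LEFT)
    yield "shift_right", keyboard_shift(base, _RIGHT)


def candidates(wordlist: List[str]) -> Dict[str, str]:
    """Map every distinct candidate to 'word:rule' (first rule to produce it)."""
    out: Dict[str, str] = {}
    for w in wordlist:
        for rule, cand in mangle(w):
            out.setdefault(cand, f"{w.lower()}:{rule}")
    return out


def explain(password: str, wordlist: List[str] = WORDLIST) -> Optional[str]:
    """Return 'word:rule' if the toy rules would reach this password, else None."""
    return candidates(wordlist).get(password)


def candidate_count(wordlist: List[str] = WORDLIST) -> int:
    """Number of distinct guesses the rule set derives from the wordlist."""
    return len(candidates(wordlist))


if __name__ == "__main__":
    print(f"{len(WORDLIST)} base words -> {candidate_count()} candidates")
    for pw in ["Secret1", "dragons", "drvtry", "awxewr", "q1w2e3"]:
        print(f"{pw:>10}: {explain(pw)}")
```

Even this small rule set turns four base words into 1364 guesses, which is the sense in which a rule-driven attack generates far more attempts than a fixed list. Note that `q1w2e3` is not reachable from the dictionary by any of these rules: keyboard walks are not derived from words, so a cracker has to carry them as literal entries (as the list quoted in the thread does).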