[lug] Attacks Intensifying

Bill Thoen bthoen at gisnet.com
Thu Oct 28 11:05:49 MDT 2004


On Thu, 28 Oct 2004, Matt Thompson wrote:

> Well, the older root specific version was like this:
> 
> http://www.k-otik.com/exploits/08202004.brutessh2.c.php

Interesting... Looks like they aren't even looking at mixed-case ones, and 
few (if any) over 8 characters.

Do people really use passwords for root that are as simple 
as these? Even the "clever" ones are sort of stupid. (e.g. q1w2e3, a 
keyboard pattern, and ib6ub9, a sounds-like-real-words etc.) Maybe P.T. 
Barnum was right when he said, "You won't go broke underestimating the 
intelligence of the public."

> So, you could take that as a baseline.  By now I'm sure some kiddie has
> expanded the dictionary.  I'm guessing there isn't a john-like
> number/capital type search since I've only ever gotten around 2000 or so
> attempts a day at its peak.  A john-type attack should generate a lot
> more.

What's a john-like attack?

- Bill Thoen
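The thread above is about measuring a dictionary-style SSH brute-force run (failed root logins, a few thousand attempts a day from a small wordlist). The following added example, which is not from the original mailing-list post, shows the defender's side of that: parsing OpenSSH "Failed password" lines from a constructed auth.log sample, counting attempts per source and per day, and listing which usernames the attacker's dictionary is aimed at. The log lines and the addresses (RFC 5737 test ranges) are constructed for the example; the threshold in `root_attempt_sources` is an assumption, not a recommendation from the thread.

```python
import re
from collections import Counter

# Constructed sample auth.log lines in the OpenSSH syslog format.
# These are not from the original post; addresses are RFC 5737 test ranges.
SAMPLE_LOG = """\
Oct 28 09:01:02 gw sshd[2101]: Failed password for root from 192.0.2.10 port 4021 ssh2
Oct 28 09:01:04 gw sshd[2101]: Failed password for root from 192.0.2.10 port 4021 ssh2
Oct 28 09:01:07 gw sshd[2103]: Failed password for invalid user test from 192.0.2.10 port 4022 ssh2
Oct 28 09:02:11 gw sshd[2110]: Failed password for root from 198.51.100.7 port 5120 ssh2
Oct 28 09:02:30 gw sshd[2111]: Accepted publickey for bill from 203.0.113.5 port 6001 ssh2
Oct 28 09:03:00 gw sshd[2112]: Failed password for root from 192.0.2.10 port 4025 ssh2
Oct 29 00:10:00 gw sshd[2200]: Failed password for root from 192.0.2.10 port 4100 ssh2
"""

# Matches the syslog timestamp, host, sshd pid and the failed-password message.
# "invalid user" appears when the account does not exist; it is skipped so the
# username is captured either way.  \s+ after the month tolerates "Oct  8".
FAILED_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_failures(text):
    """Yield (date, user, source) for every failed-password line in text."""
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            yield (f"{m['mon']} {m['day']}", m["user"], m["src"])


def failures_per_source_per_day(text):
    """Count failed logins keyed by (date, source address)."""
    counts = Counter()
    for date, _user, src in parse_failures(text):
        counts[(date, src)] += 1
    return counts


def attempted_users(text):
    """Count how often each username was tried; shows what the wordlist targets."""
    return Counter(user for _date, user, _src in parse_failures(text))


def root_attempt_sources(text, min_attempts=3):
    """Sources with at least min_attempts failed root logins on one calendar day.

    min_attempts=3 is an assumed threshold for this example.
    """
    counts = Counter()
    for date, user, src in parse_failures(text):
        if user == "root":
            counts[(date, src)] += 1
    return sorted({src for (_d, src), n in counts.items() if n >= min_attempts})


if __name__ == "__main__":
    for (date, src), n in sorted(failures_per_source_per_day(SAMPLE_LOG).items()):
        print(f"{date}  {src:16} {n} failed logins")
    print("usernames tried:", dict(attempted_users(SAMPLE_LOG)))
    print("sources hammering root:", root_attempt_sources(SAMPLE_LOG))
```

Run against a real `/var/log/auth.log` (or `journalctl -u ssh` output) the per-day totals give the same "attempts per day" figure discussed in the thread, and the username tally shows whether the wordlist is root-only, as the quoted tool was, or has been expanded to other accounts.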