[lug] Attacks Intensifying
George Sexton
gsexton at mhsoftware.com
Mon Nov 22 07:48:34 MST 2004
One of my machines today received 2823 probes for root password.
Like I said:
PermitRootLogin no
George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
> -----Original Message-----
> From: lug-bounces at lug.boulder.co.us
> [mailto:lug-bounces at lug.boulder.co.us] On Behalf Of Sean Reifschneider
> Sent: Saturday, November 20, 2004 7:34 PM
> To: Boulder (Colorado) Linux Users Group -- General Mailing List
> Subject: Re: [lug] Attacks Intensifying
>
> On Wed, Nov 03, 2004 at 11:48:08AM -0700, Dean Brissinger wrote:
> >the middle attack. Any desktop machine on the same LAN as either the
> >client or the server can promote itself to route all traffic through
>
> Good switches will, of course, prevent this. This is also a
> good reason
> for not using password authentication, and instead using SSH
> agent. With
> ssh agent, authentication is done via a challenge/response and a
> man-in-the-middle can't use that information for future
> authentications.
>
> Of course, if you ignore the warnings about host keys
> changing, you kind of
> deserve what you get.
>
> Sean
> --
> The "PEANUTS" gang finds their first root-kit in "YOU'RE AN
> 3L33T H4CK3R
> NOW, CHARLIE BROWN".
> Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
> tummy.com, ltd. - Linux Consulting since 1995. Qmail,
> Python, SysAdmin
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>
>
More information about the LUG
mailing list