> There is currently a worm going around that automates just this, BTW --
> see ILUG traffic a month or 2 ago. It launches a brute-force dictionary
> attack on remote SSH servers, attempting several (sadly) common combos:

Yeah, Google showed me this worm before I did my OP. But it doesn't seem
to fit the MO.

> A fully-patched-up-to-date box will certainly be vulnerable to this, if
> you had any of those accounts set up with those passwords ;)

Heh. Nope, there is only my account, root and cygnus with passwords on my
personal server. All of which I generated, and they're 8 character
passwords randomly generated with a combination of letters, numbers and
symbols. I know they could be brute-forced eventually, but how many
hundreds of thousands of attempts would it take? And OpenSSH has
restrictions on the rate you can send in passwords.

John the Ripper has been running on my password file for 8 hours now
with none of them broken - admittedly it's not a hugely powerful
machine. It's a UML VM on a dual CPU Xeon machine but shared with about
15 other usually light CPU usage VMs (when needed it can usually get the
majority of the host's CPU cycles).

In reply to Steph's question, both boxes are running Debian kernels, but I
thought you'd need a local account before you can use a kernel exploit?

In support of the idea that it was a password/key stolen or key logged
somewhere, both boxes had normal users cracked. Users who don't run any
services. Not the same user on both boxes though, and the user account
cracked on our work box is nothing to do with me, so I'm having trouble
seeing the link, unfortunately.
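
An added example, not part of the original post: one way to check sshd logs for the dictionary-attack pattern discussed in this thread (many failed passwords across several usernames from one source) and for a password login accepted from such a source. The log lines are constructed in current OpenSSH message format, and the function name and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sshd auth-log lines (documentation IP ranges, not from the thread).
SAMPLE_LOG = """\
Aug 10 03:12:01 box sshd[411]: Failed password for invalid user test from 192.0.2.10 port 40112 ssh2
Aug 10 03:12:03 box sshd[413]: Failed password for invalid user guest from 192.0.2.10 port 40120 ssh2
Aug 10 03:12:05 box sshd[415]: Failed password for invalid user admin from 192.0.2.10 port 40131 ssh2
Aug 10 03:12:08 box sshd[417]: Failed password for alice from 192.0.2.10 port 40140 ssh2
Aug 10 03:12:11 box sshd[419]: Accepted password for alice from 192.0.2.10 port 40152 ssh2
Aug 10 09:30:44 box sshd[502]: Failed password for bob from 198.51.100.7 port 51514 ssh2
Aug 10 09:30:52 box sshd[502]: Accepted password for bob from 198.51.100.7 port 51514 ssh2
Aug 10 11:02:17 box sshd[611]: Accepted publickey for carol from 203.0.113.5 port 60022 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) (password|publickey) for "
    r"(?:invalid user )?(\S+) from (\S+) port \d+")

def analyse(log_text, min_failures=3, min_users=3):
    """Return (suspects, compromised).

    suspects: source IPs with at least min_failures failed logins spread
              over at least min_users distinct usernames.
    compromised: (user, ip) pairs where a password login was accepted from
              a source that was already a suspect at that point in the log.
    """
    failures = defaultdict(int)   # ip -> failed attempt count
    users = defaultdict(set)      # ip -> usernames tried
    suspects, compromised = set(), []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        outcome, method, user, ip = m.groups()
        if outcome == "Failed":
            failures[ip] += 1
            users[ip].add(user)
            if failures[ip] >= min_failures and len(users[ip]) >= min_users:
                suspects.add(ip)
        elif method == "password" and ip in suspects:
            compromised.append((user, ip))
    return sorted(suspects), compromised

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

A single mistyped password followed by a success (bob above) is not flagged, and key-based logins are ignored because the pattern in question is password guessing.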