Re: What is this Very Stupid DOS Attack Script?

From: Mike Tancsa (mike_at_sentex.net)
Date: 04/06/05

    Date: Wed, 06 Apr 2005 11:56:29 -0400
    To: Martin McCormick <martin@dc.cis.okstate.edu>, freebsd-security@freebsd.org
    
    

    At 11:49 AM 06/04/2005, Martin McCormick wrote:
    > We have been noticing flurries of sshd reject messages in
    > which some system out there in the hinterlands hits us with a flood of
    > ssh login attempts. An example:
    >
    > Apr 6 05:41:51 dc sshd[88763]: Did not receive identification string from 67.19.58.170
    > Apr 6 05:49:42 dc sshd[12389]: input_userauth_request: illegal user anonymous
    >
    > Other than spewing lots of entries into syslog, what is the
    > purpose of the attack? Are they just hoping to luck into an open
    > account? The odds of guessing the right account name and then guessing
    > the correct password are astronomical to say the least.

    Actually, sadly the odds are far too good given the cost to run such a
    script. Unless you force users to use GOOD passwords, they will use dumb
    ones.... Think Paris Hilton recently. The cost to let a script like that
    go in the background and pound away at hosts that have open ssh access is
    zilch. If you have ftpd running anywhere, you will see similar attempts.

             ---Mike
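
The following is an added example, not part of the original thread: a small Python log triage that groups the two sshd message types quoted above into flurries, so the source addresses and attempted usernames of each burst can be reviewed together. The sample lines are constructed, and the names `parse` and `flurries`, the 60-second gap, the three-event threshold and the assumed year are choices made for this illustration. Because the "illegal user" line carries no address, pairing it with a source by time is a heuristic.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines (documentation-range addresses) in the two sshd formats quoted above.
SAMPLE_LOG = """\
Apr 6 05:41:51 dc sshd[88763]: Did not receive identification string from 192.0.2.10
Apr 6 05:41:53 dc sshd[88764]: input_userauth_request: illegal user anonymous
Apr 6 05:41:54 dc sshd[88765]: input_userauth_request: illegal user admin
Apr 6 05:41:55 dc sshd[88766]: Did not receive identification string from 192.0.2.10
Apr 6 05:41:58 dc sshd[88767]: input_userauth_request: illegal user test
Apr 6 05:42:01 dc sshd[88768]: Did not receive identification string from 192.0.2.10
Apr 6 09:15:00 dc sshd[90112]: Did not receive identification string from 198.51.100.7
Apr 6 09:20:00 dc sshd[90113]: input_userauth_request: illegal user guest
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (.*)$")
KINDS = {
    "no_ident": re.compile(r"^Did not receive identification string from (\S+)$"),
    "bad_user": re.compile(r"^input_userauth_request: illegal user (\S+)$"),
}

def parse(log, year=2005):
    """Yield (timestamp, kind, value); syslog omits the year, so it is assumed."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        for kind, rx in KINDS.items():
            hit = rx.match(m.group(2))
            if hit:
                yield ts, kind, hit.group(1)

def flurries(log, gap=timedelta(seconds=60), min_events=3):
    """Group chronologically ordered events into bursts split by quiet gaps."""
    bursts, current = [], []
    for ev in parse(log):
        if current and ev[0] - current[-1][0] > gap:
            bursts.append(current)
            current = []
        current.append(ev)
    bursts.append(current)
    return [{
        "start": b[0][0],
        "events": len(b),
        "sources": dict(Counter(v for _, k, v in b if k == "no_ident")),
        "users": sorted({v for _, k, v in b if k == "bad_user"}),
    } for b in bursts if len(b) >= min_events]
```

On the constructed sample, `flurries(SAMPLE_LOG)` reports one burst of six events; the two isolated lines later in the day fall below the threshold and are not reported.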
