Re: help:tool to bruteforce ssh connections




There are many issues that still today are unresolved. It does amaze the mind though.

--- On Mon, 5/11/09, Gregory Boyce <gregory.boyce@xxxxxxxxx> wrote:

From: Gregory Boyce <gregory.boyce@xxxxxxxxx>
Subject: Re: help:tool to bruteforce ssh connections
To: "cy10@xxxxxxxxxxxx" <cy10@xxxxxxxxxxxx>
Cc: "security-basics@xxxxxxxxxxxxxxxxx" <security-basics@xxxxxxxxxxxxxxxxx>
Date: Monday, May 11, 2009, 7:04 AM
I used to investigate and report
those sorts of attacks.  In just about every instance
the attacking system was one that had fallen to the exact
same attack.

The fact you see attacks is proof they still work.

On May 7, 2009, at 5:12 PM, cy10@xxxxxxxxxxxx
wrote:

I'd have to ask how effective this is as well. My
firewall alerts me every time some kid runs a bf on my ssh
door. I say kid, becuase if it's not root (does ANYONE still
allow ssh to root???) or some ridiculous username; admin,
sales, etc.

I used to get 50-100 such alerts from my firewall
everyday. After blocking entire countries (only four so far,
use your imagination) that number has dropped to like less
than a half dozen.

Kind of hard to believe there are still people out
there not securing SSH. Sigh...

/rant



------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot
Camp in both Instructor-Led and Online formats is the most
concentrated exam prep available. Comprehensive course
materials and an expert instructor means you pass the exam.
Gain a laser like insight into what is covered on the exam,
with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html

------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp
in both Instructor-Led and Online formats is the most
concentrated exam prep available. Comprehensive course
materials and an expert instructor means you pass the exam.
Gain a laser like insight into what is covered on the exam,
with zero fluff!
http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------






------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------



Relevant Pages

  • Re: help:tool to bruteforce ssh connections
    ... Subject: help:tool to bruteforce ssh connections ... an expert instructor means you pass the exam. ... -- This list is sponsored by: InfoSec Institute ... InfoSec Institute's CISSP Boot Camp in both ...
    (Security-Basics)
  • Re: backtrack linux video tutorial
    ... InfoSec Institute ... InfoSec Institute's CISSP Boot Camp in both ... Instructor-Led and Online formats is the most concentrated exam ... instructor means you pass the exam. ...
    (Security-Basics)
  • Re: help:tool to bruteforce ssh connections
    ... I used to investigate and report those sorts of attacks. ... every time some kid runs a bf on my ssh door. ... InfoSec Institute ... InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. ...
    (Security-Basics)
  • Re: help:tool to bruteforce ssh connections
    ... It's actually a very effective attack speaking from first hand experience of ... As for denyhosts, not everyone runs that. ... forget they are working as root and start trying to ssh in, ... InfoSec Institute ...
    (Security-Basics)
  • Re: help:tool to bruteforce ssh connections
    ... Is ssh brute forcing at all effective? ...       is there any tool to bruteforce ssh login. ... InfoSec Institute ... Certified Ethical Hacker and Certified ...
    (Security-Basics)