Re: help needed after intrusion from a ssh dictionary attack
- From: lorenzodes <lorenzodes@xxxxxxxxxxxxx>
- Date: Mon, 09 Jan 2006 11:41:40 +0100
jinzishuai@xxxxxxxxx wrote:
> Hello
> One of our lab machines running Redhat Enterprise 3 has been intruded by somebody. He used a simple ssh dictionary attack but unfortunately our root is enabled through ssh and the root password was not strong enough. We got a report that there were 3GB of unexpected traffic during that day through ssh.

Goodness...

> Now we are going to reset the root password but for some other reasons we don't want to disable root login through ssh.

What you should do is unplug the compromised box from the net, back up your data, wipe out the rest and reinstall Linux. With regard to "for some other reasons we don't want to disable root login....", imho, is bad thinking. At least disable password login and use private/public RSA/DSA key authentication.

> So I would like to do a dictionary attack on our machine first to make sure our password is strong enough. Is there any well-known hacking software that I can download and try to see if our system is secure? Thanks a lot.

Bad thinking...
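
One way to check the reply's minimum recommendation (password login disabled, key authentication in use), as an added example that is not part of the original message: a small Python audit of sshd_config text. The function names, the sample configurations and the defaults assumed for absent keywords are constructed for illustration.

```python
# Added example: audit sshd_config text for settings that leave password guessing viable.
# Values assumed when a keyword is absent (older OpenSSH defaults; confirm in sshd_config(5)).
ASSUMED_DEFAULTS = {
    "permitrootlogin": "yes",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "pubkeyauthentication": "yes",
}

def effective_settings(config_text):
    """Return (global settings, has_match). sshd keeps the first value seen per keyword."""
    settings, has_match = {}, False
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), parts[1].lower()
        if keyword == "match":  # conditional blocks follow; they are not evaluated here
            has_match = True
            break
        settings.setdefault(keyword, value)
    return {**ASSUMED_DEFAULTS, **settings}, has_match

def audit(config_text):
    """Return findings for this small set of checks; an empty list means none fired."""
    s, has_match = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is enabled")
    if s["challengeresponseauthentication"] != "no":
        findings.append("ChallengeResponseAuthentication may still accept passwords via PAM")
    if s["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin yes: root may use every enabled auth method")
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off, so key-based login will fail")
    if has_match:
        findings.append("Match blocks present: review their overrides by hand")
    return findings

# Constructed sample configurations (not taken from the thread).
WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED = """\
PermitRootLogin without-password
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, which also covers Match blocks that this sketch only flags.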