Re: using PubkeyAuthentication, still getting dictionary attacks!
- From: "Richard E. Silverman" <res@xxxxxxxx>
- Date: 06 Oct 2006 10:58:56 -0400
"NN" == Nomen Nescio <nobody@xxxxxxxxx> writes:
NN> Unruh <unruh-spam@xxxxxxxxxxxxxx> wrote:
>> >AIUI, dictionary attacks on PubkeyAuthentication are hopeless, and I'm
>> >surprised the attacking "clients" try it. Am I right? Why do they keep
>> >trying? Anything else I can/should do?
>>
>> Do you think that there is a human being behind those attacks,
>> trying all the passwords? It is a program, which is launched from
>> someone else's computer.
NN> Of course I know that ... what I mean is, can't the bot tell that
NN> the server only takes key authentication?
NN> What's the bot trying to send me, random big numbers?
No, it's likely still trying password authentication. The SSH-AUTH
protocol allows a client to try any authentication method it likes at any
point, regardless of whether the server accepts it. The attack program in
question probably just connects and tries passwords, without bothering to
notice whether password authentication is even supported.
--
Richard Silverman
res@xxxxxxxx
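
The exchange described in the message above, sketched as an added example that is not part of the original post: it encodes the RFC 4252 `SSH_MSG_USERAUTH_REQUEST` for the "password" method and the `SSH_MSG_USERAUTH_FAILURE` a key-only server answers with, which is why such attempts still show up in logs. Assumptions: the encrypted transport layer is omitted, `handle_request` is a hypothetical stand-in for the server side, and the user name and password are constructed sample values.

```python
import struct

# Message numbers from RFC 4252 (SSH authentication protocol).
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_FAILURE = 51

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf: bytes, off: int):
    """Decode one SSH string at off; return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated SSH string")
    return buf[off + 4:end], end

def password_request(user: str, password: str) -> bytes:
    """Client side: a 'password' request, sent without asking what is allowed."""
    return (bytes([SSH_MSG_USERAUTH_REQUEST]) + ssh_string(user.encode())
            + ssh_string(b"ssh-connection") + ssh_string(b"password")
            + b"\x00" + ssh_string(password.encode()))

def handle_request(msg: bytes, allowed: list):
    """Server side (hypothetical helper): reject a method that is not enabled."""
    if not msg or msg[0] != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError("not a USERAUTH_REQUEST")
    _user, off = read_string(msg, 1)
    _service, off = read_string(msg, off)
    method, off = read_string(msg, off)
    if method.decode() in allowed:
        raise NotImplementedError("credential checks are not modelled here")
    # FAILURE carries the name-list of usable methods, then partial-success = FALSE.
    reply = (bytes([SSH_MSG_USERAUTH_FAILURE])
             + ssh_string(",".join(allowed).encode()) + b"\x00")
    return method.decode(), reply

def parse_failure(msg: bytes):
    """What a client could read: (methods that can continue, partial success)."""
    if not msg or msg[0] != SSH_MSG_USERAUTH_FAILURE:
        raise ValueError("not a USERAUTH_FAILURE")
    names, off = read_string(msg, 1)
    if off >= len(msg):
        raise ValueError("missing partial-success flag")
    return (names.decode().split(",") if names else []), msg[off] != 0

if __name__ == "__main__":
    req = password_request("root", "constructed-guess")  # constructed sample values
    method, reply = handle_request(req, ["publickey"])
    print(method, parse_failure(reply))
```

The server has to parse and answer the request before it can refuse it, so each guess is a logged authentication failure even though it can never succeed.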