tech-security: Re: sshd password guessing attacks on the rise

Subject: Re: sshd password guessing attacks on the rise
To: Wolfgang S. Rupprecht <wolfgang@wsrcc.com>
From: Steven M. Bellovin <smb@research.att.com>
List: tech-security
Date: 10/07/2004 12:27:57

In message <16741.28135.144870.534481@bonnet.wsrcc.com>, "Wolfgang S. Rupprecht
" writes:
>
>Steven M. Bellovin writes:
>> In message <x73c0qzf3t.fsf@bonnet.wsrcc.com>, "Wolfgang S. Rupprecht" writes
>:
>> >The sheer size of the dictionary attack is almost certainly going to
>> >net them quite a few compromised systems. 
>> 
>> s/is.*going to/already has/
>> 
>> from what I hear on various security lists...
>
>Interesting.  
>
>I wonder why the security orgs aren't making more of a deal about this
>and shouting about it from the parapets.  The more machines these
>folks compromise, the faster the rest will fall.
>

Too many people treat such information as sensitive.  When I hear 
things, I'm constrained by the source's policies on what I can repeat.

		--Steve Bellovin, http://www.research.att.com/~smb