[Dshield] SSH Bots

Frank Knobbe frank at knobbe.us
Tue Mar 7 00:43:24 GMT 2006

On Mon, 2006-03-06 at 15:50 -0500, Jon R. Kibler wrote:

> When I contacted the system's netblock owner, they indicated that the
> compromised box was a MacOS/X system and they had already shut down
> the box. I got to talking to their security person and he indicated
> that the box was compromised via a brute force ssh attack. Apparently,
> there are botnets that do distributed brute force ssh attacks, hitting
> on all possible combinations of password characters up through 14
> character lengths. 
> So, I guess it is time to change all of our ssh passwords to 15 or 16
> chars! 

Dude, you're still using passwords? Get rid of those and use keys! It's
a bit harder to brute force a 2048 bit key :)


It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20060306/7e7c76bb/attachment-0001.bin

More information about the list mailing list