On 4-Dec-2009, at 04:40, Peter SJF Bance wrote:
> To be honest, this doesn't sound like a huge issue - if a single user/pass
> pair is being tried every 12 hours, the simplest defence will be to:
>
> a) Not have guessable usernames;
> b) Not permit remote login as root; and
> c) Ensure passwords are not simple dictionary/hybrid words.
>
> This way, even if c) is not true (i.e. users are a bit daft and use simple
> passwords), it will take an infeasible amount of time for a dictionary
> attack to succeed - one guess every 12 hours, multiplied by the number of
> attempts it might take to succeed, and you're probably into the order of
> millennia!
It's not 1 guess every 12 hours. It's one guess per IP, but thousands of IPs.
One username may be seeing an attempt every second for those 12 hours, but each
originating on different machines on the botnet.
--
"You're an elf and you're going to wear panties like an elf."
-- David Sedaris, Santaland Diaries
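The point of the reply above, that one attempt per IP every 12 hours can still be one attempt per second against a single username, is what a per-host threshold cannot see. The following is an added example, not code from the original thread or from DenyHosts itself: it parses constructed sshd log lines and contrasts per-IP counting with per-username aggregation across distinct source IPs (threshold values are assumptions).

```python
import re
from collections import Counter, defaultdict

# Constructed sample sshd log lines (not from the original thread): each source
# IP makes exactly one failed attempt, all against the same username.
SAMPLE_LOG = """\
Dec  4 04:40:01 host sshd[1001]: Failed password for invalid user admin from 198.51.100.1 port 40001 ssh2
Dec  4 04:40:02 host sshd[1002]: Failed password for invalid user admin from 198.51.100.2 port 40002 ssh2
Dec  4 04:40:03 host sshd[1003]: Failed password for invalid user admin from 198.51.100.3 port 40003 ssh2
Dec  4 04:40:04 host sshd[1004]: Failed password for invalid user admin from 198.51.100.4 port 40004 ssh2
Dec  4 04:40:05 host sshd[1005]: Failed password for invalid user admin from 198.51.100.5 port 40005 ssh2
Dec  4 04:40:06 host sshd[1006]: Failed password for bob from 203.0.113.7 port 40006 ssh2
"""

FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

def parse_failures(log_text):
    """Yield (username, source_ip) for every failed-password line."""
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            yield m.group("user"), m.group("ip")

def per_ip_blocks(log_text, threshold):
    """Per-host logic (the DenyHosts style): block an IP once it alone reaches
    `threshold` failures. Returns the set of IPs that would be blocked."""
    counts = Counter(ip for _, ip in parse_failures(log_text))
    return {ip for ip, n in counts.items() if n >= threshold}

def per_user_alerts(log_text, threshold):
    """Aggregate by target username instead: returns {user: distinct_source_ips}
    for every username hit from at least `threshold` distinct IPs."""
    sources = defaultdict(set)
    for user, ip in parse_failures(log_text):
        sources[user].add(ip)
    return {u: ips for u, ips in sources.items() if len(ips) >= threshold}

if __name__ == "__main__":
    # Per-IP view sees nothing to block; per-user view flags "admin" from 5 IPs.
    print("per-IP blocks (threshold 3):", per_ip_blocks(SAMPLE_LOG, 3))
    print("per-user alerts (threshold 3):", per_user_alerts(SAMPLE_LOG, 3))
```

With the per-IP threshold no host is ever blocked, while the per-username view flags the distributed attempt against `admin` immediately; the same aggregation over a time window is what a defender would add on top of per-host blocking.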
_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user