On Fri, December 4, 2009 13:49, LuKreme wrote:
>
> It's not 1 guess every 12 hours. It's one guess per IP, but thousands of
> IPs. One username may be seeing an attempt every second for those 12
> hours, but each originating on different machines on the botnet.

Ah, OK, I misunderstood.  All the more reason to ensure usernames and
passwords are outside the realms of dictionaries and their hybrids.  Given
the fact that users will rarely choose strong passwords if left to their
own devices, two very strong defences are:

a) Issue passwords for them (some may object); and/or

b) Ensure usernames are not obvious (e.g. sftpuser479 instead of 'staff',
'admin', 'cookie', etc.).

From experience the vast majority of dictionary attacks start with a very
small dictionary of 'sensible' usernames, and then throw a large
dictionary of passwords against each of them.

There's further background on this trend at:

http://isc.sans.org/diary.html?storyid=3529

-- 
Peter SJF Bance
http://www.minstrel.org.uk/
XMPP: [email protected] | AIM: GreyMinstrel
MSN: [email protected] | ICQ: 254652398
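The distributed pattern discussed above (one guess per IP, the same handful of "sensible" usernames hit from thousands of hosts) is invisible to any detector that only counts failures per source address. The following is an added example, not code from the thread or from DenyHosts itself: it parses sshd "Failed password" lines and compares the per-IP view with a per-username view that counts distinct source addresses. The log lines, hostnames, addresses and thresholds are all constructed for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (not from the original thread). Each
# source IP makes exactly one guess, but 'admin' and 'root' are hit from
# several different hosts; the non-obvious 'sftpuser479' gets a single miss.
SAMPLE_LOG = """\
Dec  4 13:50:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.10 port 51122 ssh2
Dec  4 13:50:02 host sshd[2102]: Failed password for invalid user admin from 203.0.113.11 port 51123 ssh2
Dec  4 13:50:03 host sshd[2103]: Failed password for root from 203.0.113.12 port 51124 ssh2
Dec  4 13:50:04 host sshd[2104]: Failed password for invalid user admin from 198.51.100.7 port 40001 ssh2
Dec  4 13:50:05 host sshd[2105]: Failed password for invalid user staff from 198.51.100.8 port 40002 ssh2
Dec  4 13:50:06 host sshd[2106]: Failed password for root from 198.51.100.9 port 40003 ssh2
Dec  4 13:50:07 host sshd[2107]: Failed password for invalid user admin from 192.0.2.33 port 60010 ssh2
Dec  4 13:50:08 host sshd[2108]: Failed password for sftpuser479 from 192.0.2.34 port 60011 ssh2
Dec  4 13:50:09 host sshd[2109]: Accepted publickey for sftpuser479 from 192.0.2.50 port 60012 ssh2
"""

# Matches both "Failed password for invalid user NAME from IP" (unknown
# account) and "Failed password for NAME from IP" (existing account).
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(log_text):
    """Yield (username, source_ip) for every failed-password line."""
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            yield m.group("user"), m.group("ip")


def per_ip_counts(log_text):
    """Failures per source address: the view a per-IP blocker sees."""
    counts = defaultdict(int)
    for _user, ip in parse_failures(log_text):
        counts[ip] += 1
    return dict(counts)


def per_user_sources(log_text):
    """Distinct source addresses per attacked username."""
    sources = defaultdict(set)
    for user, ip in parse_failures(log_text):
        sources[user].add(ip)
    return {user: sorted(ips) for user, ips in sources.items()}


def flag_per_ip(log_text, threshold):
    """Addresses with at least `threshold` failures (per-IP rule)."""
    return sorted(ip for ip, n in per_ip_counts(log_text).items() if n >= threshold)


def flag_per_user(log_text, threshold):
    """Usernames attacked from at least `threshold` distinct addresses."""
    return sorted(
        user for user, ips in per_user_sources(log_text).items() if len(ips) >= threshold
    )


if __name__ == "__main__":
    # With a per-IP threshold of 3 nothing is blocked: every bot stays below it.
    print("per-IP flags:", flag_per_ip(SAMPLE_LOG, 3))
    # The same log, aggregated per username, shows 'admin' under attack.
    print("per-user flags:", flag_per_user(SAMPLE_LOG, 3))
    for user, ips in per_user_sources(SAMPLE_LOG).items():
        print(f"  {user}: {len(ips)} source address(es)")
```

The per-username count is a detection signal, not something to block on directly (locking 'admin' after N distributed failures is a denial-of-service handle for the attacker); its practical use is to confirm that the obvious usernames are the ones being targeted and that the non-obvious ones barely register, which is the point made in the message above.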



_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user