Etaoin Shrdlu wrote: <<snip>> > Thanks to whomever finally got through, however you did it. I had actually > allowed one host to start responding, and it had gotten to the part I > always least understand, i.e. the tries for root's password. I mean, > really, are there that many hosts out there with root accounts that can be > guessed with an automated password guesser? ...
Define "that many"... It's not about the total number -- it's simply about the fact that there really are some, and we know that here some == quite a few more than one. Better to think of it in terms of a proportion though, then allow that the law of large numbers kicks in _on both the attackers' and victims' sides of the equation_. If the potential attackers can run their probes from a botnet then they reduce their own workload significantly are not even risking discovery or any real "loss" if they tracked/shut-down as it is all but guaranteed that all they will lose is a bot or two in the odd case where someone will care enough to try to track down "the attacker". And if the available victims are, say 0.00015% of all machines, scanning a few million machines gets you plenty more new victims. And that's not even considering that some machines may be more worthwhile cracking than others... Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/