Re: Chinese Kiddos with Broken Dicts?

2009-05-10 Thread Craig White
On Sat, 2009-05-09 at 22:35 -0700, Kurt Granroth wrote: That seems... unlikely. I have had thousands of unique IPs hit some of my hosts, many to never repeat after a round of attacks. The more plausible route is that they have a botnet of pwned boxes numbering in the hundreds of thousands

Re: Chinese Kiddos with Broken Dicts?

2009-05-10 Thread Lisa Kachold
This is the FIRST thing in setting up any secure server (along with say not running Apache or Mysql as root, etc.) Evidently you have not attended the HackFests, where more than a few of the group were well, able to gain a login on a machine with various tools including Brute Forcing via Muppet,

Re: Chinese Kiddos with Broken Dicts?

2009-05-10 Thread Lisa Kachold
Here's a video using custom dictionaries and netcat: http://bitcast-a.bitgravity.com/revision3/web/hak5/0511/hak5--0511--netcat-virtualization-wordpress--large.xvid.avi You only see the foolish ones in your logs, these exploits can also use an obfuscated source for a number of each of their

RE: Chinese Kiddos with Broken Dicts?

2009-05-10 Thread Bob Elzer
PM To: Main PLUG discussion list Subject: Re: Chinese Kiddos with Broken Dicts? That seems... unlikely. I have had thousands of unique IPs hit some of my hosts, many to never repeat after a round of attacks. The more plausible route is that they have a botnet of pwned boxes numbering

Chinese Kiddos with Broken Dicts?

2009-05-09 Thread Andrew Tuna Harris
Helloes. Yes, another thread about the Chinese. Okay so over the past couple days I've been seeing things like this: /var/log/messages:May 9 11:00:10 (none) sshd[688]: Connection from 200.111.157.187 port 51751 /var/log/messages:May 9 11:00:10 (none) sshd[688]: Did not receive identification

Re: Chinese Kiddos with Broken Dicts?

2009-05-09 Thread Lisa Kachold
Be afraid, very afraid! You must put that IP in your firewall! There's a good chance they already got in, if you didn't put in iptables brute force controls? On Sat, May 9, 2009 at 5:39 PM, Andrew Tuna Harris t...@supertunaman.com wrote: Helloes. Yes, another thread about the Chinese.

Re: Chinese Kiddos with Broken Dicts?

2009-05-09 Thread Andrew Tuna Harris
Excerpts from Lisa Kachold's message of Sat May 09 20:17:24 -0700 2009: Be afraid, very afraid! Oh hamburgers! You must put that IP in your firewall! Done. There's a good chance they already got in, if you didn't put in iptables brute force controls? OH SHI- How'd they get in? What's

Re: Chinese Kiddos with Broken Dicts?

2009-05-09 Thread Kurt Granroth
That seems... unlikely. I have had thousands of unique IPs hit some of my hosts, many to never repeat after a round of attacks. The more plausible route is that they have a botnet of pwned boxes numbering in the hundreds of thousands and they just use them for random dictionary attacks.