Re: [sec] Re: failed root login attempts

To: debian-security@lists.debian.org
Cc: Noah Meyerhans <noahm@debian.org>
Subject: Re: [sec] Re: failed root login attempts
From: Rolf Kutz <kutz@netcologne.de>
Date: Wed, 29 Sep 2004 23:47:31 +0200
Message-id: <[🔎] 20040929214730.GD5601@jamaika>
Mail-followup-to: debian-security@lists.debian.org, Noah Meyerhans <noahm@debian.org>
In-reply-to: <[🔎] 20040929205725.GB26998@antiochcomputerconsulting.com>
References: <[🔎] 20040919185011.GA16993@morgul.net> <[🔎] 20040919200327.GJ3038@panoptic.com> <[🔎] 20040919200912.GA25674@cirrus.madduck.net> <[🔎] 20040919201930.GC16993@morgul.net> <[🔎] 20040919202329.GA26298@cirrus.madduck.net> <[🔎] 20040920234014.GG1731@v216-190.vps.tuwien.ac.at> <[🔎] 20040921124546.GA9670@steve.org.uk> <[🔎] 20040928232349.GC24960@cordes.ca> <[🔎] 20040929011851.GJ16993@morgul.net> <[🔎] 20040929205725.GB26998@antiochcomputerconsulting.com>

* Quoting Phillip Hofmeister (plhofmei@antiochcomputerconsulting.com):

> On Tue, 28 Sep 2004 at 09:18:51PM -0400, Noah Meyerhans wrote:
> > That doesn't seem to be the case.  The most common one uses
> > root/test/guest, but there are more that seem to be based on the same
> > code.  They all disconnect by sending the string "Bye Bye", e.g.:
> > sshd[13613]: Received disconnect from 64.246.26.19: 11: Bye Bye
> > 
> > I've seen many more aggressive root login attempts, as well as 'admin'
> > and a number of other users.
> > 
> > The somewhat unsetting thing that I'm wondering about is whether these
> > machines are all sharing some big central password dictionary and are
> > logging their attempted passwords to some central database.  It ends up
> > being some massive distributed dictionary attack, which I doubt is going
> > to work on my systems, but I'm 100% sure that there are systems out
> > there with weak root passwords.
> 
> Best practices suggest:
> 
> PermitRootLogin no

Why not:

PasswordAuthentication no
UsePAM no

- Rolf

Reply to:

References:
- Re: failed root login attempts
  - From: Noah Meyerhans <noahm@debian.org>
- Re: failed root login attempts
  - From: Dossy Shiobara <dossy@panoptic.com>
- Re: failed root login attempts
  - From: martin f krafft <madduck@debian.org>
- Re: failed root login attempts
  - From: Noah Meyerhans <noahm@debian.org>
- Re: failed root login attempts
  - From: martin f krafft <madduck@debian.org>
- Re: [sec] Re: failed root login attempts
  - From: maximilian attems <debian@sternwelten.at>
- Re: [sec] Re: failed root login attempts
  - From: Steve Kemp <skx@debian.org>
- Re: [sec] Re: failed root login attempts
  - From: Peter Cordes <peter@cordes.ca>
- Re: [sec] Re: failed root login attempts
  - From: Noah Meyerhans <noahm@debian.org>
- Re: [sec] Re: failed root login attempts
  - From: Phillip Hofmeister <plhofmei@antiochcomputerconsulting.com>

Prev by Date: Re: [sec] Re: failed root login attempts
Next by Date: RE: [sec] Re: failed root login attempts
Previous by thread: Re: [sec] Re: failed root login attempts
Next by thread: Re: failed root login attempts
Index(es):
- Date
- Thread