On Tue, 28 Sep 2004 at 09:18:51PM -0400, Noah Meyerhans wrote: > That doesn't seem to be the case. The most common one uses > root/test/guest, but there are more that seem to be based on the same > code. They all disconnect by sending the string "Bye Bye", e.g.: > sshd[13613]: Received disconnect from 64.246.26.19: 11: Bye Bye > > I've seen many more aggressive root login attempts, as well as 'admin' > and a number of other users. > > The somewhat unsetting thing that I'm wondering about is whether these > machines are all sharing some big central password dictionary and are > logging their attempted passwords to some central database. It ends up > being some massive distributed dictionary attack, which I doubt is going > to work on my systems, but I'm 100% sure that there are systems out > there with weak root passwords. Best practices suggest: PermitRootLogin no Then again, the people who have weak root passwords are not ones to follow best practices. -- Phillip Hofmeister
Attachment:
pgpEwGE6SAyq3.pgp
Description: PGP signature