[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why do SSH cracking attempts start with "Did not receive identification string"?

On Fri, 02 Sep 2005 12:24:54 BST, Adam Funk writes:
>Sometimes the interval between "Did not receive" and the first "Failed
>password" is as long as 20 minutes.  Why do the SSH cracking programs
>omit the string the first time, and why do they wait a while after
>that to start trying userids and passwords?

Probably becasue at first they do a sweep and look where port 22 is at 
 least open, before they start with "real" cracking attempts.

/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   <rw@coretec.at>   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /

Attachment: pgpoGgXpwSPpa.pgp
Description: PGP signature

Reply to: