Re: Why do SSH cracking attempts start with "Did not receive identification string"?

To: debian-user@lists.debian.org
Subject: Re: Why do SSH cracking attempts start with "Did not receive identification string"?
From: Robert Waldner <rw@coretec.at>
Date: Fri, 02 Sep 2005 13:51:35 +0200
Message-id: <[🔎] 20050902115141.EC5434A460@beren.intern.coretec.at>
In-reply-to: Your message of "Fri, 02 Sep 2005 12:24:54 BST." <[🔎] 200509021124.j82BOsE5000058@Blake.co.umist.ac.uk>

On Fri, 02 Sep 2005 12:24:54 BST, Adam Funk writes:
>Sometimes the interval between "Did not receive" and the first "Failed
>password" is as long as 20 minutes.  Why do the SSH cracking programs
>omit the string the first time, and why do they wait a while after
>that to start trying userids and passwords?

Probably becasue at first they do a sweep and look where port 22 is at 
 least open, before they start with "real" cracking attempts.

cheers,
&rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   <rw@coretec.at>   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /

Attachment: pgpvn8a0tQlkV.pgp
Description: PGP signature

Reply to:

References:
- Why do SSH cracking attempts start with "Did not receive identification string"?
  - From: Adam Funk <a24061@yahoo.com>

Prev by Date: Coexistence of Qt3 and Qt4 development (or at least compilation)
Next by Date: Re: Why do SSH cracking attempts start with "Did not receive identification string"?
Previous by thread: Why do SSH cracking attempts start with "Did not receive identification string"?
Next by thread: Re: Why do SSH cracking attempts start with "Did not receive identification string"?
Index(es):
- Date
- Thread