[Beowulf] Re: "hobbyists"
Many of your questions may have already been answered in earlier discussions or in the FAQ. The search results page will indicate current discussions as well as past list serves, articles, and papers.
Joe Landman landman at scalableinformatics.comFri Jun 20 06:28:40 PDT 2008
- Previous message: [Beowulf] Re: "hobbyists"
- Next message: [Beowulf] Re: "hobbyists"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Robert G. Brown wrote: > On Fri, 20 Jun 2008, Perry E. Metzger wrote: > >> >> "Robert G. Brown" <rgb at phy.duke.edu> writes: >>> On Fri, 20 Jun 2008, Chris Samuel wrote: >>>> ----- "Joe Landman" <landman at scalableinformatics.com> wrote: >>>> >>>>> People spend lots of time and effort on security theater. Make up odd >>>>> rules for passwords. Make them hard to guess and crack. Well, is >>>>> that the vector for break-ins? Weak passwords? >>>> >>>> Yeah - sadly.. :-( >>> >>> Do you have an recent contemporary evidence for that? >> >> Yes, Run a box with sshd on it connected to the internet and watch your >> logs for a few days. You will find numerous attempts to try thousands >> of possible account names and passwords -- brute force cracking. > > Well, yeah, sure, I know about that as I DO watch my logs -- I just > haven't heard of one of these attacks SUCCEEDING in pretty much forever, > for obvious reasons. Run pam_abl on your machine, and you can pretty much guarantee that the brute force attacks will not work, even if they miraculously guess the right password. This presumes more than some small number of previous login failures. [...] >> Here is an extract from the log on a real machine, one of mine, from >> last night: >> >> Jun 19 20:56:53 smaug sshd[2577]: Invalid user secretariat from >> 70.90.14.154 >> Jun 19 20:56:54 smaug sshd[2522]: Invalid user secretar from 70.90.14.154 >> Jun 19 20:56:55 smaug sshd[23949]: Invalid user present from 70.90.14.154 >> Jun 19 20:56:56 smaug sshd[3440]: Invalid user test from 70.90.14.154 >> Jun 19 20:56:57 smaug sshd[8809]: Invalid user test from 70.90.14.154 >> Jun 19 20:56:58 smaug sshd[21600]: Invalid user teste from 70.90.14.154 >> Jun 19 20:56:59 smaug sshd[314]: Invalid user teste from 70.90.14.154 > > Sure, it goes on and on. I don't really LIKE seeing this, especially on > a server with sensitive information, but that is precisely why one > configures such servers with tight controls and runs a password checker. Use pam_abl. Really. Even if the password were weak, and they guessed it on the 57th try, pam_abl will stop the login. Read the manual. Adjust the config settings. Our ssh logs are scary, have been for a while. They aren't the scariest of our logs. Even paranoids have enemies. -- Joseph Landman, Ph.D Founder and CEO Scalable Informatics LLC, email: landman at scalableinformatics.com web : http://www.scalableinformatics.com http://jackrabbit.scalableinformatics.com phone: +1 734 786 8423 fax : +1 866 888 3112 cell : +1 734 612 4615
- Previous message: [Beowulf] Re: "hobbyists"
- Next message: [Beowulf] Re: "hobbyists"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Beowulf mailing list