Cracked
John
dingo at coco2.arach.net.au
Mon Oct 18 12:06:38 UTC 2004
Michel Klijmij wrote:
> On Mon, 18 Oct 2004 15:20:12 +0800, John <dingo at coco2.arach.net.au> wrote
> in <41736EAC.5050603 at coco2.arach.net.au>:
>
>
>>I allow logins via ssh (I need access to do remote maintenance).
>
>
> Do you permit root logins? Do you restrict access to a limited number of
> IP addresses? Have you considered public key authentication? Do the users
> have good passwords?
In this case, I'd have been worse off if the intruder hadn't gained root
access.

I discovered the intrusion quickly because he buggered up the system. If
he'd installed his major tools in /var/tmp.mech I'd probably not have
found them for months.
>
>
>>One person, possibly as many as three, gained root access to the box
>>with the ever-reliable dictionary attack.
>
>
> That proves that you (generic, in fact, everyone) need strong passwords,
There will always be people who don't heed that, who haven't learned the
lesson.

Can we turn our attention to da-blocker? This is the preliminary name
for a tool I've started on which can be installed as part of the
standard software set and which will make the dictionary attack almost
useless.

Assuming I've not overlooked something important :-)