SSH hacked?

Mark Haney mhaney at ercbroadband.org
Wed Jan 14 15:56:55 UTC 2009


Kent Borg wrote:
> NoOp wrote:
>> why don't you try as I suggested? Put a machine w/ssh on an open
>> DSL/Cable modem and watch your logs for a few days?
> 
> I don't need to put up such a test, I already have such a thing.
> Checking the log file is quite easy...
> 
> [check, check. check]
> 
> As always, there have been break-in attempts. These attempts came from
> different IP addresses, and you suggested I will attract attacks like
> flies to honey--but for the moment let's assume you are wrong on that
> point and assume that these attacks are really just a single coordinated
> attacker.
> 
> Some of the attacks are against randomly chosen user names, but most are
> against root and that matters most, so let's look at the root attacks:
> Based on the number of attempts in this sample and the entropy in my
> root password, at minimum it will take over 2,500 years for a single
> coordinated attacker to have a 50-50 chance of getting in. Further, if
> the attacker doesn't know the format ("recipe") of my root password, the
> effective entropy soars to a much higher figure--to estimate
> conservatively it would take many octillion years of attempts to get to
> the 50-50 point.
> 



However, if you don't allow root login via ssh the chance of an attacker
getting in is ZERO.  That fact alone is much more valuable from a
security standpoint than how strong your password is, entropy or not.
Even with entropy, someone MIGHT get lucky.

I mean really, is it that hard to point out that exposing the root
account to ANY port is a bad idea?  Is it that hard to put into practice?

Geez.




-- 
Frustra laborant quotquot se calculationibus fatigant pro inventione
quadraturae circuli

Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415

Call (866) ERC-7110 for after hours support
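
As an added example (not part of the original message or thread): a Python check of `sshd_config` text for `PermitRootLogin`, the setting behind "don't allow root login via ssh", including the cases where a later `Match` block or an `Include` file changes the answer. The sample config, the function name `audit_root_login` and the `default` argument are assumptions made for illustration.

```python
import re

# Constructed sample sshd_config (not taken from the thread).
SAMPLE = """\
Port 22
permitrootlogin no
PermitRootLogin yes
PasswordAuthentication yes

Match Address 192.0.2.0/24
    PermitRootLogin prohibit-password
"""

def audit_root_login(config_text, default="prohibit-password"):
    """Report how PermitRootLogin resolves in one sshd_config file.

    default is an assumption about the installed sshd: OpenSSH 7.0 and later
    use prohibit-password when the keyword is absent, older releases used yes.
    """
    global_value = None      # first value outside any Match block wins
    overrides = []           # Match blocks that re-enable some form of root login
    includes = []            # Include files are not read here; they may set it first
    match, block_set = None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and arguments are separated by whitespace or a single "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2 or not parts[1]:
            continue
        key, arg = parts[0].lower(), parts[1]   # keywords are case-insensitive
        if key == "match":
            match, block_set = arg, False
        elif key == "include":
            includes.append(arg)
        elif key == "permitrootlogin":
            value = arg.split()[0].strip('"').lower()
            if match is None:
                if global_value is None:
                    global_value = value
            elif not block_set:                  # first value inside the block wins
                block_set = True
                if value != "no":
                    overrides.append((match, value))
    effective = global_value or default
    disabled = effective == "no" and not overrides and not includes
    return {"global": effective, "overrides": overrides,
            "includes": includes, "root_login_disabled": disabled}
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, which also covers included files.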



