root user
Chris Green
cl at isbd.net
Mon Jan 2 10:46:18 UTC 2012
On Sun, Jan 01, 2012 at 05:57:25PM +0000, Liam Proven wrote:
> On 1 January 2012 17:12, Chris Green <cl at isbd.net> wrote:
> >> "root", and if you have root access, you own the box. So that is the
> >> account everyone attacks. Well, if root is there but disabled, they
> >> can attack it as much as they like - they won't get in. There's
> >> nothing to get into.
> >
> > But in the real world the systems we are talking about are 99% home
> > systems and won't have an ssh daemon running to allow remote access, and
> > if they have it should most certainly have ssh root access disabled.
> > Thus an intruder *does* need to know two passwords.
>
> Why 2?
>
Because they can only login as a non-root user and then they need to
know the root password as well to become root. (Assuming sudo is turned
off of course).
> >> But without access to the system, they can't see
> >> what other, ordinary, unprivileged usernames /are/ there, so they
> >> can't launch dictionary attacks against them.
> >>
> > As I understand it dictionary attacks are only possible where the
> > encrypted passwords are visible and that is no longer true on most
> > systems.
>
> No, not at all.
>
> Anything which accepts a password in any form can have iterative
> dictionary attacks launched against it.
>
Well, in principle yes, but if there's a long delay (like seconds)
before another attempt is allowed it will take far, far too long to
attempt any sort of sensible dictionary attack.
--
Chris Green
More information about the ubuntu-users
mailing list