[clug] mc-root anyone?

Ian Munsie darkstarsword at gmail.com
Mon Jun 22 01:50:19 GMT 2009


> These people are scanning for connections on port 22.  We haven't (yet) seen
> people trying to actually scan the ports on a remote machine looking for an
> SSH server.  When we do, believe me, you will not be able to move on the
> internet without hitting three or four sysadmins reconfiguring their
> external-facing SSH servers.

The reason is simple: If you want to compromise machines, do you:
a) scan 65,536 ports on a single IP address hoping that you find a
single SSH server you can then maybe gain access to given that the
administrator has already changed its port number; or
b) scan 65,536 different computers on the default port 22 and check
each potential hit for vulnerable versions of SSH or, failing a known
SSH vulnerability, do some scans for weak passwords?

Naturally the answer to this question depends on the attacker's
motivation, but in the general case the answer is almost always b. The
answer will only be a if the attacker has selected a specific target
or hasn't spent any time thinking about it.

-I

-- 
http://darkstarshout.blogspot.com/
--
On the day *I* go to work for Microsoft, faint oinking sounds will be
heard from far overhead, the moon will not merely turn blue but
develop polkadots, and hell will freeze over so solid the brimstone
will go superconductive.
     -- Eric S. Raymond, 2005
--
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
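
Added example, not part of the original message: a defender-side sketch of how the two strategies in the message, (a) and (b), look in connection logs, and which sources ever reach an SSH server on a given port. The addresses, the 20-target threshold and the function names are assumptions made for illustration; the log records are constructed.

```python
from collections import defaultdict

def sample_events():
    """Constructed firewall records: (source IP, destination IP, destination port)."""
    events = [("198.51.100.7", f"192.0.2.{h}", 22) for h in range(1, 41)]     # strategy (b)
    events += [("203.0.113.9", "192.0.2.10", p) for p in range(1000, 1060)]   # strategy (a)
    events += [("198.51.100.50", "192.0.2.10", 22),                           # ordinary client
               ("198.51.100.50", "192.0.2.10", 443)]
    return events

def classify_sources(events, threshold=20):
    """Label each source by the shape of its probing.

    horizontal: one port tried on at least `threshold` hosts (strategy b)
    vertical:   at least `threshold` ports tried on one host (strategy a)
    The threshold is an assumed cut-off, not a recommended value.
    """
    hosts_per_port = defaultdict(lambda: defaultdict(set))
    ports_per_host = defaultdict(lambda: defaultdict(set))
    for src, dst, port in events:
        hosts_per_port[src][port].add(dst)
        ports_per_host[src][dst].add(port)
    labels = {}
    for src in hosts_per_port:
        widest = max(len(h) for h in hosts_per_port[src].values())
        deepest = max(len(p) for p in ports_per_host[src].values())
        if widest >= threshold and deepest >= threshold:
            labels[src] = "both"
        elif widest >= threshold:
            labels[src] = "horizontal"
        elif deepest >= threshold:
            labels[src] = "vertical"
        else:
            labels[src] = "normal"
    return labels

def sources_reaching(events, host, port):
    """Sources that actually sent a connection to host:port."""
    return {src for src, dst, p in events if dst == host and p == port}

if __name__ == "__main__":
    ev = sample_events()
    for src, label in sorted(classify_sources(ev).items()):
        print(f"{src:15} {label}")
    # An SSH server on the default port is reached by the horizontal scanner;
    # one moved to port 1022 (constructed value) is reached only by the vertical one.
    print("port 22  :", sorted(sources_reaching(ev, "192.0.2.10", 22)))
    print("port 1022:", sorted(sources_reaching(ev, "192.0.2.10", 1022)))
```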

