Educause Security Discussion mailing list archives
Re: SSH dictionary attack dictionary
From: Patrick P Murphy <pmurphy () NRAO EDU>
Date: Tue, 11 Aug 2009 09:18:17 -0400
On Tue, 11 Aug 2009 00:35:14 -0400, Brad Edmondson <brad.edmondson () gmail com> said:
> Interesting project - how did you filter out off-by-one typos so that you couldn't deduce your legitimate users' passwords?
Our situation is somewhat different from a University; we have far fewer users (staff and a very few students and visiting observers), most of the staff are reasonably well trained in security, and the case in point was a sustained distributed dictionary-type attack against one or two of our servers. The "noise" in this case were the (very) few overnight ssh logins that were legitimate, and the "signal" was the large number of ssh attempts from a wide swath (hundreds) of IP addresses, mostly offshore. There wasn't much noise.
- Pat
--
Patrick P. Murphy, Ph.D. Webmaster (East), Computing Security Manager
http://www.nrao.edu/~pmurphy/ http://chien-noir.com/maze.shtml
"Inventions then cannot, in nature, be a subject of property."
-- Thomas Jefferson, August 13, 1813