Security Incidents mailing list archives

Re: SSH bruteforce on its way...

From: Justin <justinvinn () gmail com>
Date: Mon, 24 Oct 2005 14:09:03 -0400

Jouser,

Nah, there were some exploits a while back that took advanteage in
some timing flaws in the SSHd that let attackers determin valid
usernames.

peace,
--Justin

On 21 Oct 2005 18:05:27 -0000, jouser () gmail com <jouser () gmail com> wrote:

I didn't think it was possible to determine valid usernames by themselves?  You either have a valid username AND 
password or not.

Current thread:

SSH bruteforce on its way... Volker Tanger (Oct 19)
- Re: SSH bruteforce on its way... Paul Robertson (Oct 24)
  - Re: [incidents] Re: SSH bruteforce on its way... Tim Kennedy (Oct 24)
- <Possible follow-ups>
- Re: SSH bruteforce on its way... foxxz . net (Oct 24)
- Re: SSH bruteforce on its way... jouser (Oct 24)
  - Re: SSH bruteforce on its way... Justin (Oct 24)
    - Re: SSH bruteforce on its way... Russell Fulton (Oct 25)
    - Re: SSH bruteforce on its way... Valdis . Kletnieks (Oct 26)
    - Re: SSH bruteforce on its way... Kurt Seifried (Oct 26)
    - Re: SSH bruteforce on its way... Justin (Oct 26)
    - Re: SSH bruteforce on its way... Daniel Cid (Oct 26)
  - Re: SSH bruteforce on its way... Valdis . Kletnieks (Oct 25)
- Re: SSH bruteforce on its way... Michael . Lang (Oct 25)
  - Re: SSH bruteforce on its way... Javier Fernandez-Sanguino (Oct 26)
    - Re: SSH bruteforce on its way... Volker Tanger (Oct 26)
    - SNMP worm? David Gillett (Oct 26)

(Thread continues...)