What is this Very Stupid DOS Attack Script?
Mike Tancsa
mike at sentex.net
Wed Apr 6 08:58:16 PDT 2005
At 11:49 AM 06/04/2005, Martin McCormick wrote:
> We have been noticing flurries of sshd reject messages in
>which some system out there in the hinterlands hits us with a flood of
>ssh login attempts. An example:
>
>Apr 6 05:41:51 dc sshd[88763]: Did not receive identification
> string from 67.19.58.170
>Apr 6 05:49:42 dc sshd[12389]: input_userauth_request: illegal
> user anonymous
> Other than spewing lots of entries in to syslog, what is the
>purpose of the attack? Are they just hoping to luck in to an open
>account? The odds of guessing the right account name and then guessing
>the correct password are astronomical to say the least.
Actually, sadly the odds are far too good given the cost to run such a
script. Unless you force users to use GOOD passwords, they will use dumb
ones.... Think Paris Hilton recently. The cost to let a script like that
go in the background and pound away at hosts that have open ssh access is
zilch. If you have ftpd running anywhere, you will see similar attempts
---Mike
More information about the freebsd-security
mailing list