[Info-vax] SSH on VAX - performance impact of break in attempts
Michael Kraemer
m.kraemer at gsi.de
Wed Aug 25 08:25:07 EDT 2010
In article <00AA27B4.0D5C86EA at SendSpamHere.ORG>, VAXman- @SendSpamHere.ORG writes:
> In article <i52ucj$396$1 at lnx107.hrz.tu-darmstadt.de>, m.kraemer at gsi.de
> (Michael Kraemer) writes:
> >In article
> <8790d786-445c-4da9-a67d-01959b9e0ecc at i31g2000yqm.googlegroups.com>,
> >Neil Rieck <n.rieck at sympatico.ca> writes:
> >>
> >> I have been seeing this for years on one of my public machines running
> >> TCPware. It is quite amusing and very childish: the far end system
> >> appears to be engaged in a dictionary via SSH and is cycling through
> >> various account names and passwords. Since this is a VMS machine, so
> >> no one has ever been able to break in.
> >
> >If - by chance - the right combination of account/password is guessed,
> >why would a VMS machine be safer than any other?
>
> Beacause only a fool would create a 'root' account or an 'administrator'
> account on VMS *AND* give it privies. If such a fool should exit, he or
> she deserves the wrath of whatever these password crackers can do! The
> 12 character username prohibits the 'administrator' account.
The OP didn't mention these particular accounts.
The fact that these are (probably) not existing does not preclude
that other combinations may actually work.
Even if they are not privileged, break in is break in,
and it should give you headaches.
And I guess there *are* privileged accounts which could be tested.
More information about the Info-vax
mailing list