[Info-vax] SSH on VAX - performance impact of break in attempts

[glen herrmannsfeldt]

JF Mezei <jfmezei.spamnot at vaxination.ca> wrote:
(snip)
 
> Because FTP was the only one generating log entries showing which
> username was being attempted. Don't assume they weren't trying other
> protocols. POP is also common for dictionary attacks.
 
> What I find interesting is that telnet is not a common attack because so
> many sites have disabled it. It is in fact less dangerous than leaving
> SSH open.

I remember many years ago, when we were running both SunOS and
Solaris systems, hearing that there were many more attacks 
against Solaris.  Not that it was easier to break, but that
there were so many more Solaris systems (especially web servers)
around.

Though there also used to be discussion on how hard it was
to identify a system from the outside.  (Maybe even version.)
Well, some might have an identifying string when connecting,
but it had to do with finding other characteristics, such as
timing of responses to connect requests.

-- glen