[Info-vax] SSH on VAX - performance impact of break in attempts
Bill Gunshannon
billg999 at cs.uofs.edu
Thu Aug 26 09:36:26 EDT 2010
In article <i54n7k$hlk$1 at speranza.aioe.org>,
glen herrmannsfeldt <gah at ugcs.caltech.edu> writes:
> JF Mezei <jfmezei.spamnot at vaxination.ca> wrote:
> (snip)
>
>> Because FTP was the only one generating log entries showing which
>> username was being attempted. Don't assume they weren't trying other
>> protocols. POP is also common for dictionary attacks.
>
>> What I find interesting is that telnet is not a common attack because so
>> many sites have disabled it. It is in fact less dangerous than leaving
>> SSH open.
>
> I remember many years ago, when we were running both SunOS and
> Solaris systems, hearing that there were many more attacks
> against Solaris. Not that it was easier to break, but that
> there were so many more Solaris systems (especially web servers)
> around.

SunOS was trivial to break into. The last Unix break-in we had was
on a SunOS 4.1.2 box. That marked the setting of the Sun here!!

>
> Though there also used to be discussion on how hard it was
> to identify a system from the outside. (Maybe even version.)
> Well, some might have an identifying string when connecting,
> but it had to do with finding other characteristics, such as
> timing of responses to connect requests.

Most boxes can be identified by "fingerprinting" their TCPIP stack.
And, as the number of variants decreases the accuracy gets much better.

bill
--
Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
billg999 at cs.scranton.edu | and a sheep voting on what's for dinner.
University of Scranton |
Scranton, Pennsylvania | #include <std.disclaimer.h>