mailing list archives
Re: Brain dead SSH scans from Italy
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 29 Oct 2005 17:17:22 +1300
Etaoin Shrdlu wrote:
Thanks to whomever finally got through, however you did it. I had actually
allowed one host to start responding, and it had gotten to the part I
always least understand, i.e. the tries for root's password. I mean,
really, are there that many hosts out there with root accounts that can be
guessed with an automated password guesser? ...
Define "that many"...
It's not about the total number -- it's simply about the fact that
there really are some, and we know that here some == quite a few more
than one. Better to think of it in terms of a proportion though,
then allow that the law of large numbers kicks in _on both the
attackers' and victims' sides of the equation_. If the potential
attackers can run their probes from a botnet then they reduce their own
workload significantly are not even risking discovery or any real
"loss" if they tracked/shut-down as it is all but guaranteed that all
they will lose is a bot or two in the odd case where someone will care
enough to try to track down "the attacker". And if the available
victims are, say 0.00015% of all machines, scanning a few million
machines gets you plenty more new victims.
And that's not even considering that some machines may be more
worthwhile cracking than others...
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/