Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: SSH probes?
From: Valdis.Kletnieks () vt edu
Date: Wed, 12 May 2004 10:20:17 -0400
On Wed, 12 May 2004 09:03:57 BST, iglope said:


one time we have  : authentication failure;


May  9 21:35:10 evita sshd(pam_unix)[16374]: check pass; user unknown
 


Another we have :  check pass; user unknown
 isn't a way to discover a valid user for next brute force session ?
may be u have to tune your ssh to send the same msg for valid and 
invalid user ?


*You*, as the system admin, are told whether it's a valid userid
with a bad password, or an invalid userid - because your reaction to
the incident may differ based on which it is.

That doesn't mean that the attacker/user *at the far end* is able
to detect the distinction.

Having said that, there *was* an issue with SSH and PAM support a while ago,
where a timing attack would tell you which it was.  It shouldn't be an issue if
you're at a current release....

Attachment: _bin
Description:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]