|
Security Incidents
mailing list archives
Re: Weird SSH attack last night and this morning (still ongoing)
From: Valdis.Kletnieks () vt edu
Date: Thu, 15 May 2008 17:41:47 -0400
On Wed, 14 May 2008 19:05:21 EDT, Gary Baribault said:
I doubt it, that's a man in the middle attack if I understood, this is a
kind of distributed brute force and as I said in a more recent post,
No, the Debian OpenSSH vuln isn't a MITM attack (although it could be used
as *part* of one). The problem is that rather than trillions upon trillions
of possible keys, it would only generate one of some 2^18 keys, making the
brute forcing much easier (if you had a botnet of 10,000 bots, you could
break a weak key with an average of only 13 probes per bot, as opposed to
the several million year's worth of probes it should have taken).
Attachment:
_bin
Description:
 By Date 
By Thread
Current thread:
- Re: Weird SSH attack last night and this morning (still ongoing), (continued)
|
Intro
