Security Incidents: Re: Weird SSH attack last night and this morning (still ongoing)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Weird SSH attack last night and this morning (still ongoing)

From: Valdis.Kletnieks () vt edu
Date: Fri, 16 May 2008 13:30:11 -0400

On Fri, 16 May 2008 01:17:48 BST, Alex Howells said:

of possible keys, it would only generate one of some 2^18 keys, making the
brute forcing much easier (if you had a botnet of 10,000 bots, you could
break a weak key with an average of only 13 probes per bot, as opposed to
the several million year's worth of probes it should have taken).


I'm somewhat curious where you get the 2**18 number, all reasonable
analysis seems to conclude it is actually 2**15 -- although if you


I cheated and looked at the tester that got released, it had 2**18 - 4
keys it checked for (and a quick look at the 4 missing spots shows that those
would likely have been discarded as "weak" keys - stuff like all-zeros, etc).

Attachment: _bin
Description:

By Date By Thread

Current thread:

Re: Weird SSH attack last night and this morning (still ongoing), (continued)
- Re: Weird SSH attack last night and this morning (still ongoing) Brent Kearney (May 07)
- Re: Weird SSH attack last night and this morning (still ongoing) Mick Pollard (May 14)
  - Re: Weird SSH attack last night and this morning (still ongoing) Gary Baribault (May 14)
    - Re: Weird SSH attack last night and this morning (still ongoing) Valdis . Kletnieks (May 15)
    - Message not available
    - Re: Weird SSH attack last night and this morning (still ongoing) Valdis . Kletnieks (May 16)
    - Message not available
    - Re: Weird SSH attack last night and this morning (still ongoing) Valdis . Kletnieks (May 16)