Re: Root exploit for FreeBSD

From: Svein Skogen (Listmail Account)
Date: Fri, 11 Dec 2009 15:00:23 +0100

Dag-Erling Smørgrav wrote:
> $witch <a.spinella_at_rfc1925.net> writes:
>> but I look in syslogs of some FreeBSD internet server and there is a
>> great evidence that some "botnets" are (again) trying simple
>> combination of uid/pwd.
>>
>> starting from Dec  8 01:00:34 (CET) hundreds of zombies are looking
>> for a valid username.
> 
> Starting from Dec 8?  This has been going on for years, and it is not
> targeted at FreeBSD; they attack anything that runs an SSH server.  Of
> course, on current OpenSSH versions, it will get them nowhere, because
> there is no partial confirmation, so they have to guess at the user
> *and* the password, instead of first searching for an existing user and
> *then* guessing at the password.
> 
> (on certain OSes - but not FreeBSD - running certain older OpenSSH
> versions, you could figure out if the user existed, even if you didn't
> have the right password)

The easiest way of brute-forcing access to a FreeBSD server includes
locating the sysadmin and applying the common desk drawer. It's that simple.

//Svein

Received on Fri Dec 11 2009 - 13:00:28 UTC
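
Added example, not part of the original message or of any FreeBSD or OpenSSH code: a Python summary of sshd failed-login lines like those discussed in the thread. It separates guesses at nonexistent names from guesses at real accounts, a distinction the server logs but, as the quoted reply notes, current OpenSSH does not confirm to the client. The log lines, host name and account names are constructed, and the "Failed password" line format is an assumption; PAM-based setups log other messages and need further patterns.

```python
import re
from collections import defaultdict

# Constructed sample lines in the common OpenSSH "Failed password" format;
# addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Dec  8 01:00:34 host sshd[4101]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Dec  8 01:00:37 host sshd[4103]: Failed password for invalid user oracle from 198.51.100.7 port 51822 ssh2
Dec  8 01:00:41 host sshd[4105]: Failed password for root from 203.0.113.25 port 33910 ssh2
Dec  8 01:00:44 host sshd[4107]: Failed password for invalid user test from 192.0.2.10 port 40150 ssh2
Dec  8 01:00:49 host sshd[4109]: Failed password for alice from 198.51.100.7 port 51901 ssh2
Dec  8 01:00:52 host sshd[4111]: Accepted publickey for alice from 192.0.2.200 port 50022 ssh2
Dec  8 01:00:55 host sshd[4113]: Failed password for invalid user admin from 203.0.113.25 port 33977 ssh2
"""

# The user name is chosen by the remote side and may contain " from ...", so
# the pattern is anchored at the end of the line and the name match is greedy.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.+) from (?P<src>\S+) port \d+ ssh2\s*$")

def summarize(log_text):
    """Return (sources, real_accounts, unknown_names) for failed logins."""
    sources = defaultdict(int)   # source address -> failed attempts
    real = defaultdict(set)      # existing account -> sources guessing at it
    unknown = defaultdict(set)   # nonexistent name -> sources trying it
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue             # successful logins and other messages
        sources[m["src"]] += 1
        bucket = unknown if m["invalid"] else real
        bucket[m["user"]].add(m["src"])
    return dict(sources), dict(real), dict(unknown)

def distributed_names(unknown, min_sources=2):
    """Names tried from several sources, as with a shared wordlist."""
    return sorted(u for u, srcs in unknown.items() if len(srcs) >= min_sources)

if __name__ == "__main__":
    sources, real, unknown = summarize(SAMPLE_LOG)
    print("attempts per source:", sources)
    print("real accounts being guessed at:", sorted(real))
    print("names tried from several sources:", distributed_names(unknown))
```
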
