[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] Brain dead SSH scans from Italy
From:       Nick FitzGerald <nick () virus-l ! demon ! co ! uk>
Date:       2005-10-29 4:17:22
Message-ID: 4363AEA1.27090.691FB82 () gmail ! com
[Download RAW message or body]

Etaoin Shrdlu wrote:

<<snip>>
> Thanks to whomever finally got through, however you did it. I had actually
> allowed one host to start responding, and it had gotten to the part I
> always least understand, i.e. the tries for root's password. I mean,
> really, are there that many hosts out there with root accounts that can be
> guessed with an automated password guesser?  ...

Define "that many"...

It's not about the total number -- it's simply about the fact that 
there really are some, and we know that here some == quite a few more 
than one.  Better to think of it in terms of a proportion though,   
then allow that the law of large numbers kicks in _on both the 
attackers' and victims' sides of the equation_.  If the potential 
attackers can run their probes from a botnet then they reduce their own 
workload significantly are not even risking discovery or any real 
"loss" if they tracked/shut-down as it is all but guaranteed that all 
they will lose is a bot or two in the odd case where someone will care 
enough to try to track down "the attacker".  And if the available 
victims are, say 0.00015% of all machines, scanning a few million 
machines gets you plenty more new victims.

And that's not even considering that some machines may be more 
worthwhile cracking than others...


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]