[nSLUG] US Homeland Security

Peter Cordes peter at cordes.ca
Sat Aug 21 00:59:51 ADT 2004


On Wed, Aug 18, 2004 at 07:55:11PM -0300, Jeff Warnica wrote:
> If someone has access to your shadow file, all is lost already. Unless
> one's configuration is seriously wacked

 or they got a copy of your backups.  In that case, if they can find an MD5
collision that consists of ASCII characters they can type in, they win and
you lose because of MD5's weaknesses.  Actually, they might hack an ssh
client to let them send a non-ASCII string as a password.  In that case, it
would depend on what kind of restrictions the server put on the password.

> the list of account(s) with
> access to read shadow is strikingly similar to the list of accounts who
> can write to it. Not to mention that that list is similar to the list of
> accounts who can read - and write - any file on the system, completely
> removing the necessity of attacking a particular password/account.
> 
> As for "tough" passwords there is a direct relationship between the
> required toughness of password and the probability of a user writing it
> down.

 When you're being hammered by a password guesser, physical security for
your home computer is easy, and good passwords are important.

 back to the original topic:
 My home machine has been getting attacked by something that tries to guess
some passwords for root, test, admin, and guest (and maybe some others).  I
don't allow root logins over ssh at all.  It started a couple months ago.
Maybe once a day, a string of attacks from some random computer comes in.
It's not just seeing if my port 22 is open, it's trying to log in on a couple
accounts.  I haven't tried to log what passwords it tries.

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter at cor , des.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BC
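
Added example, not part of the original message: one way to see which accounts a password guesser like the one described above is trying, by grouping failed sshd password attempts by source address. The log lines, host name and addresses are constructed for illustration, and the parser assumes OpenSSH's syslog wording (both the older "illegal user" and the newer "invalid user" forms).

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's syslog format; the host, PIDs and
# addresses (RFC 5737 documentation ranges) are made up for this example.
SAMPLE_LOG = """\
Aug 20 03:11:02 home sshd[4101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Aug 20 03:11:05 home sshd[4103]: Failed password for illegal user test from 203.0.113.7 port 40135 ssh2
Aug 20 03:11:08 home sshd[4105]: Failed password for invalid user admin from 203.0.113.7 port 40150 ssh2
Aug 20 03:11:11 home sshd[4107]: Failed password for illegal user guest from 203.0.113.7 port 40161 ssh2
Aug 20 09:30:44 home sshd[5220]: Failed password for alice from 198.51.100.20 port 51515 ssh2
Aug 20 09:30:51 home sshd[5220]: Accepted password for alice from 198.51.100.20 port 51515 ssh2
"""

# The username is supplied by the remote side, so it is matched greedily and
# the source address is anchored to the end of the line: the address that is
# recorded is always the one sshd itself wrote last.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?"
    r"(?P<user>.*) from (?P<src>\S+) port \d+(?: ssh\d)?\s*$"
)

def failed_logins(log_text):
    """Yield (source, username) for each failed password attempt."""
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            yield m.group("src"), m.group("user")

def guessing_sources(log_text, min_accounts=3):
    """Return {source: sorted usernames} for sources whose failed attempts
    span at least min_accounts different account names."""
    tried = defaultdict(set)
    for src, user in failed_logins(log_text):
        tried[src].add(user)
    return {s: sorted(u) for s, u in tried.items() if len(u) >= min_accounts}

if __name__ == "__main__":
    for src, users in guessing_sources(SAMPLE_LOG).items():
        print(f"{src}: {len(users)} accounts tried: {', '.join(users)}")
```

A single mistyped password from a legitimate user stays below the threshold, while one source cycling through several account names is reported.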
