[Gllug] ssh brute force attacks

Anthony Newman anthony.newman at ossified.net
Mon Dec 8 17:14:15 UTC 2008


Ryan Cartwright wrote:
> I have been known to restrict ssh to a single user that is only there
> for ssh in. Then I can su from there once I am in. Again depending
> upon my paranoia level, the username for this account is sometimes not
> recognisable as a "real" word. So it's more likely to be something
> like "agk4t93" than "ryan". Not that a brute force is incapable of of
> attempting such combinations of characters but IME they tend to try
> those as passwords rather than usernames.


Do you also sleep with one eye open?
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list