I love IP Tables....

Wolfgang S. Rupprecht wolfgang.rupprecht+gnus200705 at gmail.com
Sun May 27 18:23:49 UTC 2007


"Amadeus W.M." <amadeus84 at verizon.net> writes:
> At any rate, I really don't understand why they even bother with brute 
> force. Do they ever find anything? 

It is successful enough.  Most of the connections you see come from
systems that have been infiltrated this way.  From what I've been able
to tell it is still mostly a manual operation by folks doing it for
"bragging rights", but there isn't any reason why it couldn't be
automated.  Poke around in Google for "brutessh.c" and follow some of
the links and usernames.  My mental picture is a bunch of bored kids
that like to brag about how many machines on the net they "own"
(e.g. have established a presence on).

The part that I find fascinating is that brutessh.c was clearly
written by someone very new to C programming and bsd/linux/unix in
general. At the time, it appears that they didn't even know how to
code and loop over a username/password array.  It is all open-coded
with a long list of repeated subroutine calls submitting each
username/password singly.  What is amusing is that in spite of the
extremely crude code, the overall program works very well.  It shows
how one clever newbie attacker with a fresh idea can still cause
significant damage.

-wolfgang
-- 
Wolfgang S. Rupprecht                http://www.wsrcc.com/wolfgang/
Hints for IPv6 on FC6 http://www.wsrcc.com/wolfgang/fedora/ipv6-tunnel.html



