A Topic that needs to be discussed on next the QA meeting..
Alan Cox
alan at redhat.com
Tue Mar 18 14:01:50 UTC 2008
On Tue, Mar 18, 2008 at 04:34:32AM -0700, Andrew Farris wrote:
> Well I understand why those are a high risk, but with root at least the
> attacker knows the username, normal usernames is a double blind brute force
> right? I know my own system used to see many more root attempts than
No - scanning tools use email data, web data and statistical tables of common
usernames. Even a long time ago sending to usenet from
stupidname at mybox.com
resulting in dictionary attacks via ssh against anything in mybox.com with
username stupidname, including in some cases trying each word in the posting
Alan
More information about the fedora-test-list
mailing list