On Monday 20 September 2004 17:40, suse@rio.vg wrote:
Does anyone running a unix server really use "guest", "test", "user", or "admin" as real accounts? Judging by the volume of attempts I'm getting, there has to be something causing this. Was a borked version of ssh server released for windows, or something? Or is this trying to connect to zombie machines? From what I understand, ssh server isn't common on windows, and those accounts certainly aren't common to unix... Anyone know what's going on here?
AFAIK, when someone attempts to log in with an existing user name and incorrect password, the timing on the denied/rejected response is a great deal longer than the timing on a denied/rejected response for a non-existent user. Plugging your machine with first root, then a few accounts that in a typical unix environment will not exist, will give a potential hacker a bit of info for their dictionary attack. Running the sequence of unknown user/unknown password is a huge resource requirement, so all they do now is just run a dictionary on user names, measure the response and make an educated guess from the responses what usernames probably do exist. Then they can start with passwords.

B
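
A defender's view of the pattern discussed in this thread, as an added example that is not part of the original posts: it scans sshd log lines for sources that try several usernames that do not exist on the host. The log lines are constructed samples in OpenSSH's syslog format, and `probe_sources` and its threshold are hypothetical names chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH sshd syslog format (not from the original posts).
SAMPLE_LOG = """\
Sep 20 17:01:02 host sshd[2101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Sep 20 17:01:05 host sshd[2103]: Invalid user guest from 192.0.2.10
Sep 20 17:01:06 host sshd[2103]: Failed password for invalid user guest from 192.0.2.10 port 40002 ssh2
Sep 20 17:01:09 host sshd[2105]: Invalid user test from 192.0.2.10
Sep 20 17:01:12 host sshd[2107]: Invalid user user from 192.0.2.10
Sep 20 17:01:15 host sshd[2109]: Invalid user admin from 192.0.2.10
Sep 20 17:03:40 host sshd[2120]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Sep 20 17:03:55 host sshd[2120]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
"""

# Older sshd releases logged "Illegal user"; later ones log "Invalid user".
UNKNOWN = re.compile(r"sshd\[\d+\]: (?:Invalid|Illegal) user (\S+) from (\S+)")
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(invalid|illegal) user )?(\S+) from (\S+)"
)


def probe_sources(log_text, min_unknown=3):
    """Return {source_ip: sorted unknown usernames} for every source that tried
    at least min_unknown distinct usernames that do not exist on the host."""
    unknown = defaultdict(set)
    for line in log_text.splitlines():
        m = UNKNOWN.search(line)
        if m:
            unknown[m.group(2)].add(m.group(1))
            continue
        m = FAILED.search(line)
        # group(1) is set only when sshd marked the account as nonexistent,
        # so a mistyped password for a real account is not counted.
        if m and m.group(1):
            unknown[m.group(3)].add(m.group(2))
    return {
        ip: sorted(names)
        for ip, names in unknown.items()
        if len(names) >= min_unknown
    }


if __name__ == "__main__":
    for ip, names in probe_sources(SAMPLE_LOG).items():
        print(f"{ip} probed {len(names)} nonexistent accounts: {', '.join(names)}")
```
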