Anaconda 22.17+ enforces "good" passwords

Stephen John Smoogen smooge at gmail.com
Tue Feb 24 15:45:42 UTC 2015


On 24 February 2015 at 05:46, Hubert Kario <hkario at redhat.com> wrote:

> On Tuesday 24 February 2015 13:08:46 Tomas Mraz wrote:
> > On Út, 2015-02-24 at 12:32 +0100, Hubert Kario wrote:
>
> > > rate limiting and denyhosts have no impact whatsoever when the
> > > attacker has a botnet at his disposal
> >
> > Large botnet means that the attack is targeted. I do not think we can
> > prevent targeted attack against weak password in the default
> > configuration. What we should aim at is prevention of non-targeted
> > attacks such as attacks you can see when you open ssh port on a public
> > IP almost immediately. These attacks usually come from single IP
> > address.
>
> Not necessarily, I've seen both - where an IP did try just 2 or 3
> password/user combinations and ones that did try dozens.
>
> Having access to a botnet is not uncommon or expensive, making it possible
> for "bored student" kinds of targeted attacks. You can do a low level of
> such an attack with just EC2.
>
> I'm not saying that we shouldn't have rate limiting, but it shouldn't be
> the only thing above a simple dictionary check.
>
>
That matches what I am seeing with a couple of random servers I have out
there. Attacks where IP address one is doing

apple:apple
apple:123456
apple:trustn01
apple:...
bob:bob
bob:123456
bob:trustn01
bob:password

and where, if box A is blocked, a new IP address starts up exactly where the
first one stopped, are much more common now than they were, say, 2 years ago,
and they will keep going until 50-60 boxes have been rotated through.

-- 
Stephen J Smoogen.
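The pattern described above, a guessing campaign that keeps its place in the user:password list while rotating source addresses, is exactly what a per-IP limiter (denyhosts, fail2ban) cannot see: each address makes only a handful of attempts before the next one resumes. The following is an added example, not code from the post or from any Fedora project, showing how to chain such runs back together from sshd "Failed password" lines. The log lines are constructed; sshd does not log the guessed password, so the continuity signal used here is that the next address starts on the username the previous one stopped at, within an assumed window (ROTATE_WINDOW) of the previous address's last attempt. The year constant and thresholds are assumptions for the example.

```python
"""Chain rotating source IPs into one SSH password-guessing campaign.

Added example (not from the original mailing-list post). Assumptions:
 - sshd-style syslog "Failed password" lines (constructed sample below);
 - an IP continues a campaign if its first attempt lands within
   ROTATE_WINDOW seconds of the campaign's last attempt and targets the
   username the campaign was last working on.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: three IPs walk the same user list in turn; each stops
# (e.g. after being denied) and the next resumes on the same username.
# A lone attempt hours later is unrelated background noise.
SAMPLE_LOG = """\
Feb 24 10:00:01 host sshd[1001]: Failed password for invalid user apple from 198.51.100.10 port 40001 ssh2
Feb 24 10:00:03 host sshd[1001]: Failed password for invalid user apple from 198.51.100.10 port 40002 ssh2
Feb 24 10:00:05 host sshd[1001]: Failed password for invalid user apple from 198.51.100.10 port 40003 ssh2
Feb 24 10:00:20 host sshd[1002]: Failed password for invalid user apple from 203.0.113.7 port 50001 ssh2
Feb 24 10:00:22 host sshd[1002]: Failed password for invalid user bob from 203.0.113.7 port 50002 ssh2
Feb 24 10:00:24 host sshd[1002]: Failed password for invalid user bob from 203.0.113.7 port 50003 ssh2
Feb 24 10:00:40 host sshd[1003]: Failed password for invalid user bob from 192.0.2.99 port 60001 ssh2
Feb 24 10:00:42 host sshd[1003]: Failed password for invalid user bob from 192.0.2.99 port 60002 ssh2
Feb 24 15:30:00 host sshd[1004]: Failed password for invalid user admin from 192.0.2.5 port 33001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+ ssh2$"
)
ROTATE_WINDOW = 120  # seconds between one IP stopping and the next starting (assumed)
YEAR = 2015          # syslog lines carry no year (assumed for the sample)


def parse(log):
    """Return a time-sorted list of (timestamp, user, ip) for failed logins."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["user"], m["ip"]))
    events.sort()
    return events


def per_ip_counts(events):
    """What a plain per-IP limiter sees: failed attempts per source address."""
    counts = defaultdict(int)
    for _, _, ip in events:
        counts[ip] += 1
    return dict(counts)


def campaigns(events):
    """Group source IPs into campaigns; returns a list of IP lists.

    Each IP is summarised as one run [first_ts, last_ts, first_user, last_user].
    Runs are visited in order of first attempt; a run joins the open campaign
    when it starts within ROTATE_WINDOW of that campaign's last attempt and
    begins on the username the campaign last tried, i.e. it "starts up exactly
    where the first one stopped".
    """
    runs = {}
    for ts, user, ip in events:
        if ip not in runs:
            runs[ip] = [ts, ts, user, user]
        else:
            runs[ip][1], runs[ip][3] = ts, user

    result, current = [], None
    for ip in sorted(runs, key=lambda i: runs[i][0]):
        first_ts, last_ts, first_user, last_user = runs[ip]
        continues = (
            current is not None
            and (first_ts - current["last_ts"]).total_seconds() <= ROTATE_WINDOW
            and first_user == current["last_user"]
        )
        if continues:
            current["ips"].append(ip)
        else:
            current = {"ips": [ip]}
            result.append(current)
        current["last_ts"], current["last_user"] = last_ts, last_user
    return [c["ips"] for c in result]


def flag_rotating(events, min_ips=3):
    """Campaigns that rotated through at least min_ips addresses."""
    return [c for c in campaigns(events) if len(c) >= min_ips]


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("per-IP counts (what fail2ban-style blocking keys on):", per_ip_counts(evs))
    for chain in flag_rotating(evs):
        print("rotating campaign across", len(chain), "addresses:", chain)
```

With the sample, no address exceeds three failures, so a per-IP threshold of five never trips, while the chain detector reports one campaign spanning all three rotating addresses and leaves the later unrelated attempt alone. In production the username-continuity check should be combined with the time window rather than used on its own, since popular usernames (root, admin) recur across unrelated scanners.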