Most Nerd-Its | Nerd Trends | Recent

  1. Beauty Can take all 26 letters in Why Women Dress Up and Get Cosmetic Surgery
  2. RE: Not that you care what I think, but... in Ten Silver Linings for Conservatives
  3. RE: God and Government by the book in A god's role in government should be?
  4. RE: God and Government by the book in A god's role in government should be?
  5. RE: The Pendulum Keeps Swinging in A Question of Morality
  6. RE: The milliHelen - metric unit of measurement in Calculated Beauty
  7. Not quite the same in Digital Camera Derived Watermarks
  8. RE: The Pendulum Keeps Swinging in A Question of Morality
  9. God and Government by the book in A god's role in government should be?
  10. RE: More to it than individual vs collective in A Question of Morality

What is OmniNerd?

Welcome! OmniNerd's content is generated by you, the reader. Through voting and moderation we strive to highlight the nerdiest of what's around and provide content that's a little more thought provoking than other sites.

Submit New Content

Voting Booth

How much will you spend on each immediate family member this Christmas?

View Results, All Polls
4 votes, 0 comments
7
Nerd-Its
+ -

Brute Force Attacks on SSH

Newspaper

current event by VnutZ on 23 May 2008, tagged as security, computing, and unix

Computer researchers at Clarkson University have provided a little more light into an adaptation of the classic brute-force attack on authentication. Many UNIX systems are considered secure because previously accessible ports and weaknesses are now hidden behind SSH tunnels. As the prevalence of SSH servers has risen, they have become more lucrative than ever for hackers to penetrate. The classic brute-force attack was relatively easy for a prudent administrator to counter, however, BOTnets allow a new technique called "slow-motion brute-force" whereupon the attack is spread across time and IP space making the attack much harder to detect. Owens' research shows the BOTnets still employ the typical popular username/password combinations in addition to what seemed to be a common dictionary list. Their conclusions include the typical good user policies and strong password enforcement but do raise the issue that many IDS configurations would miss the distributed attack.

Star This to Save in Your Profile Favorite