[Eug-lug] source of ssh scanner

larry price laprice at gmail.com
Wed Aug 25 12:24:19 PDT 2004


On Wed, 25 Aug 2004 11:49:53 -0700 (PDT), Po Petz <po at ciphermonkeys.org> wrote:
> On Wed, 25 Aug 2004, larry price wrote:
> 
> > I rather doubt that anyone on this list is using passwords this weak.
> 
> You'd also have to be running OpenSSH with "PermitRootLogin yes" for all
> the checkauth("root",,) calls, no?
> 
Yes, that's disabled by default in most sshd installs, so it's
probably not a big concern for the average user

> > I guess I'm mildly surprised at how crude the damn thing is, couldn't
> > they at least use a loadable dictionary?
> 
> Some of the scanners that end up in rootkits are pretty pathetic programs
> with library code pasted right in.  This one is impressive in that it
> doesn't just call system("/usr/bin/ssh");.  :)

well, no one expects car thieves to be master mechanics.


OTBFAH:
I did think about stripping the passwords out and making a CGI that
would let people test their passwords online... ;-)


-- 
http://Zoneverte.org -- information explained
Do you know what your IT infrastructure does?


More information about the EUGLUG mailing list