Domain: bsdly.net
Stories and comments across the archive that link to bsdly.net.
Stories · 7
-
SSH Password Gropers Are Now Trying High Ports
badger.foo writes "You thought you had successfully avoided the tiresome password guessing bots groping at your SSH service by moving the service to a non-standard port? It seems security by obscurity has lost the game once more. We're now seeing ssh bruteforce attempts hitting other ports too, Peter Hansteen writes in his latest column." For others keeping track, have you seen many such attempts? -
OpenBSD Marches Toward 5.0 Release
badger.foo writes "OpenBSD-current just turned 5.0-beta, providing us a preview of what the upcoming release (slated for November 1st) will look like. Peter Hansteen takes us through the main new features and explains the development process that has consistently turned out high-quality releases on time, every six months for more than a decade." -
The Low-Intensity, Brute-Force Zombies Are Back
Peter N. M. Hansteen writes "In real life, zombies feed off both weak minds and the weak passwords they choose. When the distributed brute-force attempts stopped abruptly after a couple of months of futile pounding on ssh servers, most of us thought they had seen sense and given up. Now, it seems that they have not; they are back. 'This can only mean that there were enough successful attempts at guessing people's weak passwords in the last round that our unknown perpetrators found it worthwhile to start another round. For all I know they may have been at it all along, probing other parts of the Internet ...' The article has some analysis and links to fresh log data." -
Giving Your Greytrapping a Helping Hand
Peter N. M. Hansteen writes "Some spam houses have invested in real mail servers now, meaning that they are able to get past greylisting and even content filtering. Recently Peter Hansteen found himself resorting to active greytrapping to put some spammers in their place. The article also contains a list of spam houses' snail mail addresses in case you want to tour their sites." -
Name and Shame Spam Senders With OpenBSD
Peter N. M. Hansteen writes "Once you've identified spam senders, OpenBSD provides all the tools you need to take one step further: exporting their addresses and publishing the evidence. You can even trap them yourself using known bad addresses. It's easy, fun and good netizenship." -
The Slow Bruteforce Botnet(s) May Be Learning
badger.foo writes "We've seen stories about the slow bruteforcers — we've discussed it here — and based on the data, my colleague Egil Möller was the first to suggest that since we know the attempts are coordinated, it is not too far-fetched to assume that the controlling system measures the rates of success for each of the chosen targets and allocates resources accordingly. (The probes of my systems have slowed in the last month.) If Egil's assumption is right, we are seeing the bad guys adapting. And they're avoiding OpenBSD machines." For fans of raw data, here are all the log entries (3MB) that badger.foo has collected since noticing the slow bruteforce attacks. -
The Slow Bruteforce Botnet(s) May Be Learning
badger.foo writes "We've seen stories about the slow bruteforcers — we've discussed it here — and based on the data, my colleague Egil Möller was the first to suggest that since we know the attempts are coordinated, it is not too far-fetched to assume that the controlling system measures the rates of success for each of the chosen targets and allocates resources accordingly. (The probes of my systems have slowed in the last month.) If Egil's assumption is right, we are seeing the bad guys adapting. And they're avoiding OpenBSD machines." For fans of raw data, here are all the log entries (3MB) that badger.foo has collected since noticing the slow bruteforce attacks.