The Slow Bruteforce Botnet(s) May Be Learning

badger.foo writes "We've seen stories about the slow bruteforcers — we've discussed it here — and based on the data, my colleague Egil Möller was the first to suggest that since we know the attempts are coordinated, it is not too far-fetched to assume that the controlling system measures the rates of success for each of the chosen targets and allocates resources accordingly. (The probes of my systems have slowed in the last month.) If Egil's assumption is right, we are seeing the bad guys adapting. And they're avoiding OpenBSD machines." For fans of raw data, here are all the log entries (3MB) that badger.foo has collected since noticing the slow bruteforce attacks.

Re:Solution: Public Key Auth

[Dun+Malg]

One way to get them is to set up some sort of site that logically requires you to log in, let it become popular, then harvest the password file and use it in your attacks. Be sure to make the site geeky, though, to get good passwords and give it an attention-getting name. Something like "Slashdot."

Snorf. Try that with my password and you gain access to only a really pitiful Cobalt Qube with my friend's baby picture web site on it. Or you could just log in using the name of the site as UID and PW.

But yeah, that'd work for a lot of other's systems, I bet.