You have to assume this *has* worked somewhere, at least once:
Jun 22 16:23:20 skapet sshd-session[13986]: Failed password for invalid user root/1234567 from 205.254.166.19 port 10806 ssh2
#ssh #sshgropers #passwordgropers #passwordguessers #bruteforcers #cybercrime
Should I Stop Caring and Let IP Address Reputation Sort Them Out? https://nxdomain.no/~peter/should_i_stop_caring_and_let_ip_reputation_sort_them_out.html
How long does data on misbehaving hosts on the Internet stay relevant in an IP Address Reputation context?
Link to poll within (on for a week, 4 days left, please *do* vote).
#security #passwordguessing #antispam #sshgropers #pop3gropers #blacklists #blocklists #bruteforcers #spam #cybercrime #ipreputation
(repost for the CET-ish crowd, some still in holiday mode, and with graphics of sorts added)
For the Monday morning (CET-ish) set:
I have just updated the article "The Hail Mary Cloud And The Lessons Learned" https://nxdomain.no/~peter/hailmary_lessons_learned.html aka field notes from the forever war against #passwordgropers on #ssh and elsewhere, with loads of more references to newer material and data #slowbrutes #hailmarycloud #bruteforcers #cybercrime
All links to my stuff has (at least) a nontracked option .
The topic of #ipv6 support came up at work (as it does sometimes) and a colleague asked, how popular is that protocol, really?
My best data source is the bruteforcers+webtrash data (twice hourly dump https://nxdomain.no/~peter/bruteforcers.txt, see https://nxdomain.no/~peter/badness_enumerated_by_robots.html for explanation, alternatively prettified and G-tracked https://bsdly.blogspot.com/2018/08/badness-enumerated-by-robots.html) and it looks like roughly seven percent of the source addresses for undesirable activity are IPv6, the rest old fashioned #IPv4. #passwordguessing #bruteforcers
I was wondering if there is already #GPU #accelerated #bruteforcers for hash-to-curve
https://datatracker.ietf.org/doc/rfc9380/ out there?
and going beyond just "simple" h2c, 2hashdh prf H(pwd, H2c(pwd)^k) seems to be popular, might as well also inquire about their support. #opaque is one case where this is being used.
does anyone know?
@pugmiester @[email protected] Thanks for the mention!
The basics are outlined in (at least) https://home.nuug.no/~peter/pf/en/bruteforce.html with some embellishments in https://nxdomain.no/~peter/forcing_the_password_gropers_through_a_smaller_hole.html and links therein (also with nicer formatting but trackers at https://bsdly.blogspot.com/2017/04/forcing-password-gropers-through.html).
And of course The Book of PF (https://nostarch.com/pf3 or reputable bookshops)
Peter N. M. Hansteen
stf
postmodern