[plug] john the ripper
Ben Jensz
plug at jensz.id.au
Wed Jul 6 13:34:49 WST 2005
Ordinarily you wouldn't allow global access to ssh anyway, so any script
kiddies shouldn't be able to even connect to the service to begin with.
Secondly, what services on the box are people other than yourself
accessing? If it's not anything that requires the user to have a valid
shell to be able to login to that service with, then change the user's
shell to something like /bin/false so that the users can't log in via
ssh anyway, so any dictionary attack against your users won't be successful.
I think you're looking at the wrong place to secure your box, I mean
password strength auditing is something you can do... but stopping
people from being able to access privileged services to be able to
launch the dictionary attack in the first place is probably a better
place to start.
/ Ben
W.Kenworthy wrote:
>I didn't get a reply to this so isn't anyone using john? If not john,
>what do people use to audit their systems?
>
>Perhaps people think I'm on a hacking attempt but I was recently scanned
>by one of those scripts that try a dictionary attack on ssh passwords -
>it was a few hundred entries in when I blackholed them, but now I want to
>know how strong my passwords really are. I would have thought that
>auditing a system with public access in this fashion is a normal
>procedure to avoid exposure - or is my knowledge of security and
>responsibility that far out of date?
>
>Google is not a lot of help here ranging from "JtR is a fast cracker" to
>"forever" so I am after "what's a reasonable time"
>
>BillK
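A defender's check for the /bin/false advice above, added here as an example that is not part of the original thread: it audits passwd-format data and lists the accounts that still have an interactive shell, i.e. the only accounts an ssh dictionary attack could actually log in as. The set of non-login shells and the sample accounts are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original thread): find accounts whose login
# shell has not been set to a non-login shell such as /bin/false.

# Constructed sample in /etc/passwd format (not from a real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
ben:x:1000:1000:Ben:/home/ben:/bin/bash
ftpuser:x:1001:1001:FTP only:/srv/ftp:/bin/false
mailonly:x:1002:1002:Mail only:/home/mailonly:/bin/bash
svc:x:1003:1003:Service account:/var/lib/svc:/sbin/nologin'

# Reads passwd-format lines on stdin and prints "user:shell" for every
# account whose shell is not in the assumed list of non-login shells.
# Extend the list inside BEGIN for your own system.
list_login_shell_accounts() {
    awk -F: '
        BEGIN {
            nologin["/bin/false"] = 1
            nologin["/usr/sbin/nologin"] = 1
            nologin["/sbin/nologin"] = 1
        }
        NF >= 7 && !($7 in nologin) { print $1 ":" $7 }
    '
}

# Number of accounts that can still obtain a shell (stdin as above).
count_login_shell_accounts() {
    list_login_shell_accounts | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE_PASSWD" | list_login_shell_accounts
```

On a live system run `list_login_shell_accounts < /etc/passwd`; every account it prints that does not need a shell is a candidate for `/bin/false`.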