Prev: CFP EuroBSDCon 2010
Next: iTunes in emulator?
From: User Bp on 20 Jun 2010 23:51
Hi all,

In browsing through _lots_ of breakin attempts recorded
through the logfiles, I've been surprised by the complete
avoidance of password guessing attempts for the accounts
actively in use on the machines. It seems fairly clear
that they're being avoided by some mechanism, but it's
not easy (for me) to imagine what that mechanism is.

Would somebody be so kind as to enlighten me?

Thanks for reading,

bob prohaska



From: --martin-- on 21 Jun 2010 10:05
On 21/06/10 04:51, User Bp wrote:
> Hi all,
>
> In browsing through _lots_ of breakin attempts recorded
> through the logfiles, I've been surprised by the complete
> avoidance of password guessing attempts for the accounts
> actively in use on the machines. It seems fairly clear
> that they're being avoided by some mechanism, but it's
> not easy (for me) to imagine what that mechanism is.
>
> Would somebody be so kind as to enlighten me?

I take it you're not offering 'fingerd' service to the networks where
the attacks are coming from? Finger is disabled by default.


From: User Bp on 21 Jun 2010 22:34
--martin-- <invalid(a)example.com> wrote:
>
> I take it you're not offering 'fingerd' service to the networks where
> the attacks are coming from? Finger is disabled by default.
>

Finger is in its default state; local fingers work, remote fingers
report "connection refused".

Thanks for the reminder; I'd not thought about finger for many years.

bob


 | 
Pages: 1
Prev: CFP EuroBSDCon 2010
Next: iTunes in emulator?