[wplug] Breakin attempts against the nobody account
Chris Ott
cott at acclamation.com
Tue Mar 29 10:39:14 EST 2005
Bill Moran wrote:
> Tom Rhodes <trhodes at FreeBSD.org> wrote:
>>
>>It's a script kiddy tacktic that has been flooding the Internet
>>and seems to be all the rage. As a security focus member, I
>>can assure you that this has been beat to death on other lists.
>
> I'm aware of the tactic, Tom. I'm just confused as to what anyone thinks
> their going to gain by trying to brute force the nobody account.
Most flavors of Unix still keep their DES-encrypted passwords in the
"/etc/passwd" file. Brute-forcing those is fairly easy, especially if
you can grab a copy of the file and work from your own system. Granted,
the vast majority of machines on the Internet that look like Unix
machines are actually Linux, these days. However, given that most of
these attacks are automated, it may still be worth the effort to find
the rare Unix box.
Just a suggestion...
Chris
More information about the wplug
mailing list