On 11/6/2018 5:29 PM, Dan Cross wrote:
If authentication is happening by users typing passwords into SSH
clients, which then get sent to SSH servers to be validated against
the KDC on machines that have been so cracked, an attacker can steal
passwords by subverting the SSH server processes.

One of the most fun things I've done in the past few years was to take
OpenSSH and make it dump the attempted password while hackers are trying
to brute-force my inbound SSH.
They've stopped for some reason. Now they just try TELNET over and over
again. Mostly from exploited cameras.
art k.