Arthur Krewat krewat at kilonet.net
Wed Nov 7 11:38:53 AEST 2018

On 11/6/2018 5:29 PM, Dan Cross wrote:
> If authentication is happening by users typing passwords into SSH 
> clients, which then get sent to SSH servers to be validated against 
> the KDC on machines that have been so cracked, an attacker can steal 
> passwords by subverting the SSH server processes.

One of the most fun things I've done in the past few years was to take 
OpenSSH and make it dump the attempted password while hackers are trying 
to brute-force my inbound SSH.

They've stopped for some reason. Now they just try TELNET over and over 
again. Mostly from exploited cameras.

art k.

More information about the TUHS mailing list