home bbs files messages ]

Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   RBERRYPI      Support for the Raspberry Pi device      21,939 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 19,242 of 21,939   
   Chris Green to Theo   
   Re: It is now very nearly impossible to    
   29 Jan 24 19:26:13   
   
   INTL 3:770/1 3:770/3   
   REPLYADDR cl@isbd.net   
   REPLYTO 3:770/3.0 UUCP   
   MSGID:  dd820f4d   
   REPLY:  5ba15573   
   PID: SoupGate-Win32 v1.05   
   Theo  wrote:   
   > Chris Green  wrote:   
   > > I've never understood how this can work.  If you type a wrong password   
   > > to ssh it will wait several seconds before allowing you to try again.   
   > > In addition it will throw you off completely after three failures and   
   > > you'd have to start all over.  This is default ssh, no fail2ban or   
   > > anything like that.   
   >   
   > Bombard the machine with SSH connections.  There's no delay (aside from the   
   > CPU overhead) for starting a new connection, so don't bother with the   
   > timeout, just throw as many parallel connections at the machine as you can.   
   > If you get rejected, just terminate the TCP connection and open a new one.   
   > Or just wait out the timeout, with X thousand parallel connections it   
   > doesn't waste any resources doing that.   
   >   
   > Next, run it via a botnet so each connection comes from a different IP, so   
   > avoiding fail2ban and similar firewall techniques.   
   >   
   > Finally, parallelise over a lot of different victims.  Maybe you'll get   
   > lucky at one victim, it's just a matter of probabilities.   
   >   
   > > So how can a dictionary attack possibly work?  It would take years!   
   >   
   > These are often not dictionary attacks in the sense of trying all the   
   > dictionary words (including the d1ct10n4ry w0rds etc), but using lists of   
   > known usernames/passwords.  Which you can be sure pi:raspberry is on.   
   >   
   OK, so it may be slightly more possible than I was surmising.  However   
   a Raspberry Pi isn't that fast, it'll run out of puff quite rapidly!   
   My B+ takes quite a while just to log me in with password   
   authentication! :-)   
      
   --   
   Chris Green   
   Ā·   
      
   --- SoupGate-Win32 v1.05   
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)   
   SEEN-BY: 1/19 15/0 16/0 19/37 80/1 90/1 105/81 106/201 123/130 128/260   
   SEEN-BY: 129/305 135/225 142/104 153/757 7715 203/0 218/700 840 220/70   
   SEEN-BY: 221/1 6 242 360 226/17 30 100 227/114 229/110 112 113 200   
   SEEN-BY: 229/206 307 317 400 426 428 470 550 616 664 700 230/0 240/5832   
   SEEN-BY: 266/512 267/800 280/5003 282/1038 291/111 292/854 301/1 310/31   
   SEEN-BY: 320/119 219 319 2119 322/757 325/304 335/364 341/66 342/200   
   SEEN-BY: 396/45 423/81 460/58 633/280 712/848 770/1 3 100 330 340   
   SEEN-BY: 772/210 220 230 5020/400 5053/58 5058/104 5075/35   
   PATH: 770/3 1 218/840 221/6 1 320/219 229/426   
      

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca