We received several responses to the earlier diary about remote password guessing.
Melvin Klassen highlighted an important technique for mitigating the risks of remote password guessing: monitoring the logs on servers that authenticate users, such as POP, FTP, IMAP, web mail, telnet, and SSH. Melvin suggested counting the number of failed logon attempts and the number of logon attempts per source IP address, so that you can look for spikes and trends that may signal an attack.
Gabriel Friedmann and Mark Senior reminded us of the large-scale phishing attack on MySpace, which allowed researchers to analyze password usage patterns. According to several reports (see 1, 2, 3), the most common passwords included:
Daniel Cid told us about an SSH honeypot he set up to monitor SSH brute force attempts and record the passwords used by them. The passwords he observed included:
Nathaniel Hall described a system he uses to crack local password hashes using John the Ripper. The examples of common passwords that he encountered include:
Thanks to everyone who wrote in.
Aug 1st 2007
1 decade ago