Re: Weird SSH attack last night and this morning (still ongoing)

On Wed, 14 May 2008 19:05:21 EDT, Gary Baribault said:
> I doubt it, that's a man in the middle attack if I understood, this is a
> kind of distributed brute force and as I said in a more recent post,

No, the Debian OpenSSH vuln isn't a MITM attack (although it could be used
as *part* of one). The problem is that rather than trillions upon trillions
of possible keys, it would only generate one of some 2^18 keys, making the
brute forcing much easier (if you had a botnet of 10,000 bots, you could
break a weak key with an average of only 13 probes per bot, as opposed to
the several million year's worth of probes it should have taken).