bjlockie

Member

passwd strength

A server in Korea is trying to get into my server by making repeated attempts at my root password.
I googled the IP and it is well known.
It can't ssh as root anyways.

My user passwords are all pretty secure.
It will take 4 trillion years for a desktop to brute force my random 15 digit passwords.
Is 15 random digits enough these days?

dib22

Member

said by bjlockie:

Is 15 random digits enough these days?

Microsoft thinks so, if that tells you anything

I switched to 28 minimum characters on any system/site that will take them.

Just block the IP block from your server entirely since you know the source.

Dustyn to bjlockie

Premium Member

I use a random password generator and store all my passwords and usernames in a database.

85160670 (banned) to bjlockie

Member

Perfect p@$$w0Rd: www.grc.com/passwords.htm

Dustyn

Premium Member

Yup!
I have used his secure site for generating a MAX length password of gibberish for my B/G/N router password.

HELLFIRE to bjlockie

MVM

...depends how they're trying to break the password.

Otherwise 2nd dib22 of just blocking the IP.

My 00000010bits

Regards

TheMG to bjlockie

Premium Member

Password length and complexity aren't super critical when the number of attempts per second to brute-force is severely limited, even if just by internet latency.

A 15-character password is going to take decades to brute-force over the internet.

Best practice anyways is to limit the number of unsuccessful attempts and then "ban" the IP. Sure helps keep the system logs a lot cleaner if anything.

Velnias to bjlockie

Member

15 digits - of course not. Add upper and lower letters and some characters.

And do yourself a favor - don't use blacklisting.