ashar_oz
Chief author, Open Source enthusiast, Web Programmer, and UI/UX Designer.
Friday, August 6, 2010 at 18:37

Brute-force password cracking is simply trying a password of A with the given salt, followed by B through Z, until every possible character combination has been tried. It is very time consuming, but given enough time brute-force cracking WILL get the password. Learning how brute force works is very important if you want to work (or already work) in the computer network and computer system field, because an authentication failure is a fatal tragedy.

In cryptography, a brute-force attack is a strategy used to break the encryption of data. It involves traversing the search space of possible keys until the correct key is found. The selection of an appropriate key length depends on the practical feasibility of performing a brute force attack. By obfuscating the data to be encoded, brute-force attacks are made less effective as it is more difficult to determine when one has succeeded in breaking the code. The resources required for a brute force attack scale exponentially with increasing key size, not linearly. As a result, doubling the key size for an algorithm does not simply double the required number of operations, but rather squares them. Although there are algorithms which use 56-bit symmetric keys, usually 128- to 256-bit keys are standard.

Learning how brute force works is not just about how to use the method to attack someone else's machines; it is simply a way to defend our own machines from destructive methods like this.

What are the symptoms that you are under a brute-force attack?
This explanation is taken from this source: since 2005 there has been an immense increase in brute-force SSH attacks, and though Linux is pretty secure by default, it does not stop evil programs from indefinitely trying to log in with different passwords. Without proper protection your server is a sitting duck waiting for a bot to guess the right combination and hit the jackpot. But with just 2 commands we can stop that.

Jul 28 21:32:16 impala sshd[10855]: Illegal user office from 213.191.74.219
Jul 28 21:32:16 impala sshd[10855]: Failed password for illegal user office from 213.191.74.219 port 53033 ssh2
Jul 28 21:32:16 impala sshd[10857]: Illegal user samba from 213.191.74.219
Jul 28 21:32:16 impala sshd[10857]: Failed password for illegal user samba from 213.191.74.219 port 53712 ssh2
Jul 28 21:32:16 impala sshd[10859]: Illegal user tomcat from 213.191.74.219
Jul 28 21:32:16 impala sshd[10859]: Failed password for illegal user tomcat from 213.191.74.219 port 54393 ssh2
Jul 28 21:32:16 impala sshd[10861]: Illegal user webadmin from 213.191.74.219
Jul 28 21:32:16 impala sshd[10861]: Failed password for illegal user webadmin from 213.191.74.219 port 55099 ssh2


A tip to stay alert: don't forget to check the logs (system/application logs) regularly. From the symptoms above we conclude that our machine is being brute-forced from the IP 213.191.74.219. As explained above, the brute-force method tries possible combinations of characters from A to Z to get the right password, and whenever a combination is wrong our machine responds and writes it to the logs; this is potential evidence to dig into. Do you see the rate at which this is happening? Today's connection speeds allow crackers to try an enormous number of combinations every second! It's time to stop this before someone hits the jackpot and my server is compromised.
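The log check described above, as an added example (not code from the original post): a Python script that counts failed sshd logins per source address and flags any address that reaches a threshold inside a time window. The threshold, window, year, function name and the last sample line are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# First eight lines are the excerpt above; the last line is constructed
# (a single mistyped password from a documentation-range address).
SAMPLE_LOG = """\
Jul 28 21:32:16 impala sshd[10855]: Illegal user office from 213.191.74.219
Jul 28 21:32:16 impala sshd[10855]: Failed password for illegal user office from 213.191.74.219 port 53033 ssh2
Jul 28 21:32:16 impala sshd[10857]: Illegal user samba from 213.191.74.219
Jul 28 21:32:16 impala sshd[10857]: Failed password for illegal user samba from 213.191.74.219 port 53712 ssh2
Jul 28 21:32:16 impala sshd[10859]: Illegal user tomcat from 213.191.74.219
Jul 28 21:32:16 impala sshd[10859]: Failed password for illegal user tomcat from 213.191.74.219 port 54393 ssh2
Jul 28 21:32:16 impala sshd[10861]: Illegal user webadmin from 213.191.74.219
Jul 28 21:32:16 impala sshd[10861]: Failed password for illegal user webadmin from 213.191.74.219 port 55099 ssh2
Jul 28 21:40:02 impala sshd[10900]: Failed password for alice from 192.0.2.10 port 40000 ssh2
"""

# Accepts the old "illegal user" wording shown above and the "invalid user"
# wording of newer OpenSSH; failures for existing accounts have neither.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:(?:illegal|invalid) user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+")

def find_bruteforce(log_text, threshold=3, window=timedelta(seconds=60), year=2010):
    """Return {ip: {"failures", "users"}} for sources with >= threshold failures in one window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            # Syslog timestamps carry no year; `year` is an assumed parameter.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["user"]))
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # drop failures older than the window
            if end - start + 1 >= threshold:
                flagged[ip] = {"failures": len(hits), "users": sorted({u for _, u in hits})}
                break
    return flagged

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG).items():
        print(ip, info["failures"], "failures; users tried:", ", ".join(info["users"]))
```

The single failure from 192.0.2.10 stays below the threshold, so only the address that cycled through several account names is reported.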
How to defend against a brute-force attack?
Keeping safe is not just the administrator's responsibility; every user who has an interest in the system shares responsibility for keeping it safe. There are several techniques that an admin might employ to force users to use better passwords, and several different packages that can be loaded and configured on most Unix systems to better secure the passwords, without forgetting that a password must be easy to remember. Here are several techniques for staying safe from brute-force attacks:

As a user
1. Use a good combination of characters, letters and numbers, in both lowercase and uppercase. Example: cR1styn4
2. Longer is good; make your password at least 6 characters.
3. Change your password periodically.
4. Avoid using names of things (name of a parent, name of a city, etc.).

As an administrator
1. Set several constraints that make users pay attention to their passwords.
2. Build a plated firewall.
3. Use shadowed passwords. (I think you already are if you are a Unix/Linux user.)
4. Having third-party applications (IDS, honeypot) is not bad.
5. Check the logs and take action: block potential attackers.