Some of the password attempts are predictable (e.g. username: "root",
password: "root") but others are less easy to explain. For example, there
was a log-in attempt for the usernames "root" and "dark" with the password
"ManualulIngineruluiMecanic", which I think is Romanian for Handbook of
Mechanical Engineering. Why would someone use this password, especially for
the uncommon username "dark"? Is this book common in Romania; is it likely
to be by the desk of a sys-admin (or hacker) trying to choose a password?
Has the hacker found the password in use on another compromised system; is
it the default password for anything?
-- Steven J. Murdoch investigates SSH brute force attempts
In October 2011, ticket #4185 was filed in the Tor bug tracker by a user in
China who found that their connections to US-based Tor bridge relays were
being regularly cut off after a very short period of time. At the time we
performed some basic experimentation and discovered that Chinese IPs
(presumably at the behest of the Great Firewall of China, or GFW) would
reach out to the US-based bridge and connect to it shortly after the Tor
user in China connected, and, if successful, shortly thereafter the
connection would be blocked by the GFW.
on the Tor project blog