Re: shutting down dictionary attacks

• Previous message: Josh Grosse: "Re: shutting down dictionary attacks"
• In reply to: Josh Grosse: "Re: shutting down dictionary attacks"
• Next in thread: Brian J. Woods: "Re: shutting down dictionary attacks"
• Reply: Brian J. Woods: "Re: shutting down dictionary attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 4 Jul 2005 23:07:47 +0200
To: "Brian J. Woods" <brianjwd@gmail.com>, secureshell@securityfocus.com

With reflexion PAM is for sure responsible of this, i think the sshd
is still connected to PAM who is responsible of password login, i
think that disconnect sshd from PAM maybe a way to stop those kind of
attack, another way is that script kiddies directly launch a password
AND login command and due to the config are immediately rejected, but
it's log. A way to stop that attacks is to run sshd on another port
and to hide it, but i don't know how you can hidden sshd...

2005/7/4, Josh Grosse <josh@jggimi.homeip.net>:
> On Mon, Jul 04, 2005 at 11:03:15AM -0500, Brian J. Woods wrote:
>
> > Look at documentation for sshd for StrictMode, the time writing this I
> > didn't have the time. Also MaxAuthTries, try changing the value from the
> > one you have to see if that changes things a bit. I think the problem
> > you have is not so trivial, but this should be an interesting thread on
> > ways to handle this.
>
> The default for StrictMode is "yes" -- but it just checks users files to
> determine if they're world writeable. I'm not sure how it would apply.
>
> I'm setting MauxAuthTries to 1, the default is 6.
>
> You're right. This is certainly interesting.
>

• Previous message: Josh Grosse: "Re: shutting down dictionary attacks"
• In reply to: Josh Grosse: "Re: shutting down dictionary attacks"
• Next in thread: Brian J. Woods: "Re: shutting down dictionary attacks"
• Reply: Brian J. Woods: "Re: shutting down dictionary attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]