Re: shutting down dictionary attacks

From: Guillaume Vissian (somebodyishere_at_gmail.com)
Date: 07/05/05

    Date: Tue, 5 Jul 2005 07:27:23 +0200
    To: "Brian J. Woods" <brianjwd@gmail.com>
    
    

    Arf, yes you must be right... I didn't take care of the OS... Also I
    don't understand those attacks... Does anybody have any idea?

    2005/7/5, Brian J. Woods <brianjwd@gmail.com>:
    > Guillaume Vissian wrote:
    >
    > >On reflection, PAM is for sure responsible for this. I think sshd
    > >is still connected to PAM, which is responsible for password login. I
    > >think that disconnecting sshd from PAM may be a way to stop those kinds of
    > >attacks. Another way is that script kiddies directly launch a password
    > >AND login command and due to the config are immediately rejected, but
    > >it's logged. A way to stop those attacks is to run sshd on another port
    > >and to hide it, but I don't know how you can hide sshd...
    > >
    > >2005/7/4, Josh Grosse <josh@jggimi.homeip.net>:
    > >
    > >
    > >>On Mon, Jul 04, 2005 at 11:03:15AM -0500, Brian J. Woods wrote:
    > >>
    > >>
    > >>
    > >>>Look at the documentation for sshd for StrictMode; at the time of writing this I
    > >>>didn't have the time. Also MaxAuthTries, try changing the value from the
    > >>>one you have to see if that changes things a bit. I think the problem
    > >>>you have is not so trivial, but this should be an interesting thread on
    > >>>ways to handle this.
    > >>>
    > >>>
    > >>The default for StrictMode is "yes" -- but it just checks users' files to
    > >>determine if they're world writeable. I'm not sure how it would apply.
    > >>
    > >>I'm setting MaxAuthTries to 1, the default is 6.
    > >>
    > >>You're right. This is certainly interesting.
    > >>
    > >>
    > >>
    > >
    > >
    > >
    > I don't think OpenBSD uses PAM.
    >
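
An added example, not part of the original thread: a small Python check that reports which of the sshd_config options discussed above are actually in effect in the global section. It assumes the keyword spelling StrictModes from sshd_config(5), the defaults quoted in the thread (MaxAuthTries 6, StrictModes yes) plus port 22, and a constructed sample file; the function names are hypothetical.

```python
# Added example: effective global values for the options named in the thread.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line apply only to that block.
DEFAULTS = {"maxauthtries": "6", "strictmodes": "yes", "port": "22"}

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONFIG = """\
# sshd_config (constructed sample)
Port 22
maxauthtries 1
# The next line is ignored: a value for MaxAuthTries was already read.
MaxAuthTries 6
Match User backup
    # Applies only to user "backup", not globally.
    MaxAuthTries 3
"""

def effective_global_options(config_text):
    """Return the global values sshd would use for the keys in DEFAULTS."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment line
        parts = line.split(None, 1)       # whitespace-separated form only
        keyword = parts[0].lower()
        if keyword == "match":
            break                         # global section ends here
        if len(parts) == 2 and keyword in DEFAULTS and keyword not in seen:
            seen[keyword] = parts[1].strip()
    return {**DEFAULTS, **seen}

def changed_from_default(options):
    """Return only the options whose effective value differs from DEFAULTS."""
    return {k: v for k, v in options.items() if v != DEFAULTS[k]}

if __name__ == "__main__":
    opts = effective_global_options(SAMPLE_CONFIG)
    print("effective:", opts)
    print("changed from default:", changed_from_default(opts))
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check.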

