Re: shutting down dictionary attacks

From: Guillaume Vissian (somebodyishere_at_gmail.com)
Date: 07/05/05

  • Next message: Josh Grosse: "Re: shutting down dictionary attacks"
    Date: Tue, 5 Jul 2005 13:17:14 +0200
    To: "Brian J. Woods" <brianjwd@gmail.com>
    
    

    Perhaps it can help:
    http://aplawrence.com/Security/sshloginattack.html

    G.

    2005/7/5, Guillaume Vissian <somebodyishere@gmail.com>:
    > Arf, yes you must be right... I didn't take care of the OS... Also I
    > don't understand those attacks... Does somebody have any idea?
    >
    > 2005/7/5, Brian J. Woods <brianjwd@gmail.com>:
    > > Guillaume Vissian wrote:
    > >
    > > >On reflection, PAM is for sure responsible for this. I think sshd
    > > >is still connected to PAM, which is responsible for password login. I
    > > >think that disconnecting sshd from PAM may be a way to stop this kind of
    > > >attack. Another way is that script kiddies directly launch a password
    > > >AND login command and due to the config are immediately rejected, but
    > > >it's logged. A way to stop these attacks is to run sshd on another port
    > > >and to hide it, but I don't know how you can hide sshd...
    > > >
    > > >2005/7/4, Josh Grosse <josh@jggimi.homeip.net>:
    > > >
    > > >
    > > >>On Mon, Jul 04, 2005 at 11:03:15AM -0500, Brian J. Woods wrote:
    > > >>
    > > >>
    > > >>
    > > >>>Look at the documentation for sshd for StrictMode; at the time of writing this I
    > > >>>didn't have the time. Also MaxAuthTries, try changing the value from the
    > > >>>one you have to see if that changes things a bit. I think the problem
    > > >>>you have is not so trivial, but this should be an interesting thread on
    > > >>>ways to handle this.
    > > >>>
    > > >>>
    > > >>The default for StrictMode is "yes" -- but it just checks users' files to
    > > >>determine if they're world writeable. I'm not sure how it would apply.
    > > >>
    > > >>I'm setting MaxAuthTries to 1, the default is 6.
    > > >>
    > > >>You're right. This is certainly interesting.
    > > >>
    > > >>
    > > >>
    > > >
    > > >
    > > >
    > > I don't think OpenBSD uses PAM.
    > >
    >
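
An added example, not part of the original thread or any poster's code: a small check that reports which global MaxAuthTries and StrictModes values an sshd_config text yields, using the defaults quoted above. It assumes sshd_config's first-value-wins and Match-block rules; the sample config, function names and thresholds are constructed for illustration, and the keyword is spelled StrictModes as in sshd_config.

```python
# Added example; SAMPLE_CONFIG is constructed, not taken from the thread.
SAMPLE_CONFIG = """\
# constructed sample sshd_config
Port 22
maxauthtries=1
MaxAuthTries 6
Match User backup
    MaxAuthTries 20
"""

# Defaults as quoted in the thread: StrictModes "yes", MaxAuthTries 6.
DEFAULTS = {"strictmodes": "yes", "maxauthtries": "6"}


def effective_global(config_text):
    """Return the global values sshd would use for the keywords in DEFAULTS."""
    values = dict(DEFAULTS)
    explicit = set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single "=".
        parts = line.replace("=", " ", 1).split(None, 1)
        if not parts:
            continue
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # later lines apply only to connections matching the block
        if keyword in DEFAULTS and keyword not in explicit and len(parts) == 2:
            values[keyword] = parts[1].strip()  # first value obtained wins
            explicit.add(keyword)
    return values


def review(config_text, max_tries=6):
    """Flag settings that loosen the defaults (thresholds are assumptions)."""
    values = effective_global(config_text)
    findings = []
    if values["strictmodes"].lower() != "yes":
        findings.append("StrictModes is not 'yes'")
    if not values["maxauthtries"].isdigit():
        findings.append("MaxAuthTries is not a number")
    elif int(values["maxauthtries"]) > max_tries:
        findings.append("MaxAuthTries allows more than %d tries" % max_tries)
    return values, findings


if __name__ == "__main__":
    print(review(SAMPLE_CONFIG))
```

The duplicate `MaxAuthTries 6` line and the value inside the Match block do not change the global result, which is why a later or block-scoped line can hide the setting an administrator believes is active.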

