RE: shutting down dictionary attacks
From: Mojito Jones (mojito_at_gmail.com)
Date: 07/06/05
- Previous message: Mark Hannessen: "OpenSSH/kerberos compile problem."
- In reply to: apacheroot_at_web.de: "Re: shutting down dictionary attacks"
- Next in thread: Brian J. Woods: "Re: shutting down dictionary attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <apacheroot@web.de>, <secureshell@securityfocus.com> Date: Wed, 6 Jul 2005 16:21:15 -0400
You probably want to add a --syn to that rule, otherwise you will affect
established (i.e., your) connections.
> -----Original Message-----
> From: apacheroot@web.de [mailto:apacheroot@web.de]
> Sent: 06 July 2005 11:28
> To: secureshell@securityfocus.com
> Subject: Re: shutting down dictionary attacks
>
> On not too busy boxes one could also use an iptables rule with
> limit, something like
>
> iptables -A INPUT -p tcp --dport 22 -m limit --limit 3/second
> --limit-burst 5 -j ACCEPT
> iptables -A INPUT -p tcp --dport 22 -j LOG --log-prefix "too much SSH"
>
> Accept normal incoming SSH packets, but when a storm of
> connections comes in, like a password brute force, it gets
> logged. (One could also drop the packets after LOG so they
> don't traverse down the chain till the policy hits.)
> Josh Grosse <josh@jggimi.homeip.net> wrote on 06.07.05 16:38:45:
> >
> > On Tue, Jul 05, 2005 at 02:56:25AM -0000, LD wrote:
> > > The only problem with setting the max to 1 is that if you're running an
> > > SSH key agent, your SSH program may attempt key authentication. Each key
> > > in the ring counts as 1 authentication try, so this could possibly cut you
> > > off if you use keys. Just a warning ;) Easily fixed.
> >
> > Thanks for the warning.
> >
> > I am running with key authentication (RSA), but not with forwarding agents --
> > only X11 is tunnelled. So MaxAuthTries 1 works fine with OpenSSH or PuTTY
> > clients.
>
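To make the --syn point concrete, here is a small simulation, added here as an example and not code from either poster, of how netfilter's -m limit token bucket treats the two rulesets discussed above: apacheroot's rule as posted (every tcp/22 packet counted, with the LOG-then-DROP he suggests) and the same rule with --syn. It assumes the documented semantics of --limit/--limit-burst (a bucket of --limit-burst tokens refilled at --limit per second, one token per matching packet), a conntrack ESTABLISHED accept rule in the --syn chain that the thread does not show but that becomes necessary once only SYNs are counted, and constructed traffic: an scp-style session at 30 packets/s for two seconds, one real login, and a 50-SYN burst at 100 SYN/s.

```python
"""Token-bucket model of iptables '-m limit' for the two rulesets in the thread.
Constructed example: traffic shape and the ESTABLISHED rule are assumptions."""
from collections import Counter
from dataclasses import dataclass

RATE, BURST = 3.0, 5            # --limit 3/second --limit-burst 5


@dataclass(frozen=True)
class Packet:
    t: float        # arrival time in seconds
    syn: bool       # True: SYN (new connection); False: part of an established flow
    kind: str       # bookkeeping label: "established", "login" or "flood"


class LimitMatch:
    """-m limit as a token bucket: at most `burst` tokens, refilled at `rate`
    per second; a packet matches only if a whole token is available, and
    consumes it. Packets that do not match fall through to the next rule."""

    def __init__(self, rate: float, burst: int) -> None:
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)
        self.last_t = 0.0

    def matches(self, t: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (t - self.last_t) * self.rate)
        self.last_t = t
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def evaluate(chain, packets):
    """Run packets in time order through an ordered list of (predicate, target).
    LOG is non-terminating; ACCEPT and DROP end traversal; a packet that falls
    off the end gets the chain policy. Returns Counter of (kind, verdict)."""
    verdicts = Counter()
    for pkt in sorted(packets, key=lambda p: p.t):
        final = "POLICY"
        for pred, target in chain:
            if not pred(pkt):
                continue
            if target == "LOG":
                verdicts[(pkt.kind, "LOG")] += 1
                continue
            final = target
            break
        verdicts[(pkt.kind, final)] += 1
    return verdicts


def original_chain():
    """apacheroot's rules as posted plus his suggested DROP:
       -p tcp --dport 22 -m limit --limit 3/second --limit-burst 5 -j ACCEPT
       -p tcp --dport 22 -j LOG --log-prefix "too much SSH"
       -p tcp --dport 22 -j DROP
    Every tcp/22 packet, including data of established sessions, is counted."""
    limit = LimitMatch(RATE, BURST)
    return [
        (lambda p: limit.matches(p.t), "ACCEPT"),
        (lambda p: True, "LOG"),
        (lambda p: True, "DROP"),
    ]


def syn_only_chain():
    """Mojito's fix, --syn on the limit rule, preceded by an ESTABLISHED rule
    (assumed here, not shown in the thread) so data packets are not logged:
       -p tcp --dport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
       -p tcp --dport 22 --syn -m limit --limit 3/second --limit-burst 5 -j ACCEPT
       -p tcp --dport 22 --syn -j LOG --log-prefix "too much SSH"
       -p tcp --dport 22 --syn -j DROP"""
    limit = LimitMatch(RATE, BURST)
    return [
        (lambda p: not p.syn, "ACCEPT"),                      # ESTABLISHED
        (lambda p: p.syn and limit.matches(p.t), "ACCEPT"),   # --syn -m limit
        (lambda p: p.syn, "LOG"),
        (lambda p: p.syn, "DROP"),
    ]


def sample_traffic():
    """Constructed traffic: 60 data packets of one session at 30 pkt/s,
    one legitimate login SYN at t=1.005 s, then 50 SYNs at 100/s from t=2 s."""
    pkts = [Packet(k / 30.0, False, "established") for k in range(60)]
    pkts.append(Packet(1.005, True, "login"))
    pkts += [Packet(2.0 + 0.01 * k, True, "flood") for k in range(50)]
    return pkts


def summarize(chain_factory):
    v = evaluate(chain_factory(), sample_traffic())
    return {
        "established_accepted": v[("established", "ACCEPT")],
        "established_dropped": v[("established", "DROP")],
        "login_accepted": v[("login", "ACCEPT")],
        "flood_accepted": v[("flood", "ACCEPT")],
        "flood_logged": v[("flood", "LOG")],
    }


if __name__ == "__main__":
    for name, factory in (("as posted", original_chain), ("with --syn", syn_only_chain)):
        print(name, summarize(factory))
```

As posted, the bucket is drained by the session's own data packets: at most eleven of the sixty get through, the rest are logged and dropped, and the login SYN has to compete for the same tokens. With --syn and the ESTABLISHED rule in front, all session traffic passes and the 50-SYN burst yields six accepted connection attempts (the burst of 5 plus what refills at 3/s over half a second) and 44 log lines. One caveat the thread does not raise: -m limit is a single global bucket, so an attacker who keeps it empty locks every other client out of port 22 as well; per-source limiting with -m hashlimit --hashlimit-mode srcip (or -m recent) avoids that.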