Re: shutting down dictionary attacks
From: Josh Grosse (josh_at_jggimi.homeip.net)
Date: 07/15/05
- Previous message: Trevor Mckeown: "unusal error messages ..."
- Maybe in reply to: Josh Grosse: "shutting down dictionary attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 15 Jul 2005 15:19:16 -0400 To: secureshell@securityfocus.com
We've had some discussion about "Failed password" attacks in this thread.
For those of us not using password authentication, that message is
certainly disconcerting.
Way back around July 5, I'd written in response to this question:
>> Are you using password login or Public key, perhaps it's the way, you
> disable the password login and script kiddies are immediately
> rejected...
>
>Public keys (Protocol 2, RSA) only. As I'd stated in my OP, *I* use
>standard clients (Putty/OpenSSH/Portable OpenSSH), and there is no
>password prompt.
>
>I STFAed and learned that the scripts don't check
>auth types, they brute-force passwords anyway.
I found that LogLevel DEBUG3 (or any other DEBUG level) wasn't working for
me with OSSH 4.1 on OBSD; so I ran sshd with "-ddd" manually.
In front of each "Failed password" message, there's a debug2 message that
pops up and makes me feel a whole lot better:
"debug2: Unrecognized authentication method name: password"
"Failed password for invalid user ..."
That certainly confirms that the attempts will fail, even if the attacker
uses a valid user/pw combination.
I have since stopped using port 22; that certainly cuts down on the number
of script kiddies filling up my authlog.
I'm wondering if I'm the only one with LogLevel trouble? If so, I won't
report a bug.
- Previous message: Trevor Mckeown: "unusal error messages ..."
- Maybe in reply to: Josh Grosse: "shutting down dictionary attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
