Re: bruteforce ssh
From: David (shadoweyez_at_hotpop.com)
Date: 10/27/05
- Next message: Jack Patteeuw: "wrong authentication protocol attempted"
- Previous message: Todd H.: "Re: Putty: Network error: No route to host"
- In reply to: Ricardo: "bruteforce ssh"
- Next in thread: Mark Rafn: "Re: bruteforce ssh"
- Reply: Mark Rafn: "Re: bruteforce ssh"
- Reply: Wolfgang Meiners: "Re: bruteforce ssh"
Date: Wed, 26 Oct 2005 23:44:33 GMT
Any of the methods already listed will do fine, but I've seen these
kinds of attacks on servers before (they are common against ssh servers
now) and the problem is that the attackers will usually change IP
address frequently, making the filtering approach useful, but somewhat
marginal.
On my ssh server I use non-standard user names, deny root login, and use
strong passwords, which will keep the automated-dictionary-list script
kiddies out. If you're really paranoid, look at the AllowUsers option in
sshd_config to only allow certain users.
I think the long term solution to this problem involves some sort of
built-in mechanism to sshd that would allow exponential-retry login
times, i.e.:
    fail    seconds till next allowed login
    1       1
    2       2
    3       4
    4       8
    5       16
Or some other method of maybe port-knocking or auto-blacklisting,
because this problem is growing...
David
Ricardo wrote:
> Hi! all!
> How can I block IP addresses that are trying a brute-force attack on my server?
> Is it possible?
> Thanks!
>
> Ricardo
> linux_do_It_better!!!
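
The exponential-retry schedule proposed in the message above, sketched as an added example that is not part of the original post and is not an sshd feature. The names `BackoffGate` and `replay`, the one-hour cap, keying on source address, and the log lines are all assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the usual OpenSSH syslog style (not taken from the post).
SAMPLE_LOG = """\
Oct 26 23:40:00 host sshd[411]: Failed password for invalid user admin from 192.0.2.10 port 4101 ssh2
Oct 26 23:40:00 host sshd[412]: Failed password for invalid user test from 192.0.2.10 port 4102 ssh2
Oct 26 23:40:01 host sshd[413]: Failed password for root from 192.0.2.10 port 4103 ssh2
Oct 26 23:40:02 host sshd[414]: Failed password for root from 192.0.2.10 port 4104 ssh2
Oct 26 23:40:03 host sshd[415]: Failed password for invalid user guest from 192.0.2.10 port 4105 ssh2
Oct 26 23:40:04 host sshd[416]: Accepted password for alice from 198.51.100.7 port 5001 ssh2
Oct 26 23:40:07 host sshd[417]: Failed password for root from 192.0.2.10 port 4106 ssh2
"""
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: (Failed|Accepted) password "
                  r"for (?:invalid user )?\S+ from (\S+) port")

class BackoffGate:
    """Per-source delay of 2**(failures-1) seconds, capped (the cap is an assumption)."""
    def __init__(self, cap_seconds=3600):
        self.cap = cap_seconds
        self.failures = {}        # source address -> consecutive failed logins
        self.blocked_until = {}   # source address -> earliest next allowed attempt

    def delay_for(self, failures):
        return min(2 ** (failures - 1), self.cap)

    def attempt(self, src, when, success):
        if when < self.blocked_until.get(src, datetime.min):
            return "rejected", 0          # still inside the delay: not evaluated
        if success:
            self.failures.pop(src, None)  # a good login resets the counter
            self.blocked_until.pop(src, None)
            return "accepted", 0
        n = self.failures[src] = self.failures.get(src, 0) + 1
        delay = self.delay_for(n)
        self.blocked_until[src] = when + timedelta(seconds=delay)
        return "failed", delay

def replay(log_text, year=2005):          # syslog lines carry no year; assumed here
    gate, out = BackoffGate(), []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            out.append((m.group(3),) + gate.attempt(m.group(3), when, m.group(2) == "Accepted"))
    return out

if __name__ == "__main__":
    for src, outcome, delay in replay(SAMPLE_LOG):
        print(f"{src:15} {outcome:9} next attempt allowed in {delay}s")
```

Because the state is keyed by source address, a source that changes address starts again at a one-second delay, which is the same limitation the message notes for address filtering.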