| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060420043337.GR902@cat.pdx.edu> Date: Wed, 19 Apr 2006 21:33:38 -0700 From: MaddHatter <maddhatt+bugtraq@....pdx.edu> To: bugtraq@...urityfocus.com Subject: Re: Strengthen OpenSSH security? Brett Glass <brett@...iat.org> said (on 2006/04/17): > To: bugtraq@...urityfocus.com > From: Brett Glass <brett@...iat.org> > Subject: Strengthen OpenSSH security? > > ... > It seems to me that sshd should not tip its hand by returning > different responses ... I agree. I also wish OpenSSH would implement the same security measures already available in other SSH servers and authentication products -- a dynamic black list. The idea is simple, but effective: connections from IP addresses that have failed to authenticate X times in the last Y minutes are refused for Z minutes. For adequate values of Y and Z, brute force attacks quickly lose feasibility.
Powered by blists - more mailing lists