lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <6ec88adc041015212349835e95@mail.gmail.com>
From: KKadow at gmail.com (Kevin)
Subject: Any update on SSH brute force attempts?

On Sat, 16 Oct 2004 14:57:31 +1300, James Riden <j.riden@...sey.ac.nz> wrote:
> Jay Libove <libove@...ines.org> writes:
> > What are you doing/changing about your SSH configurations to reduce the
> > possibility of these attacks finding any kind of hole in the OpenSSH
> > software (that's what I run, so that's the only version I'm particularly
> > concerned about) ?  Are you doing anything at all?

Use one time passwords (OTP, e.g. S/Key).
Restrict which addresses are allowed to connect (via
/etc/hosts.allow), and/or which user accounts are allowed from which
sources (using AllowUsers in sshd_config).

I l prefer to bind the listener to a specific IP address on hosts with
multiple addresses, the BOFH might choose to have a  tarpit *:22/TCP
listener on hosts with many alias IPs..


> One or more of the following, depending on local requirements:
> 
> * Run on a non-standard port - this will stop brain-dead scanning programs
> * Use key-based auth instead of passwords
> * Restrict what IP addresses are allowed to connect (at your firewall)
> * Disable root logins
> * Use john or crack to audit password strength
> * Use logwatch or similar to monitor failed login attempts
> * Make a honeypot and see what techniques people are trying out
> 
> (Everyone's forcing version 2 of the protocol, right?)

$ sudo tail -5 /etc/ssh/sshd_config
Protocol 2
ListenAddress 172.23.97.2
MaxAuthTries 2
PermitRootLogin no
LogLevel VERBOSE
$ exit

I'm sorely tempted to forgo SSH for telnet encapsulated in SSL (via
stunnel), with non-reusable passwords.  Anybody else remember "Stel"?

Kevin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ