Open Source and information security mailing list archives
 
Message-ID: <582D1141D96FE4542F1ECF7D@utd65257.utdallas.edu>
Date: Thu, 17 Jun 2010 15:19:18 -0500
From: Paul Schmehl <pschmehl_lists@...rr.com>
To: "Randal L. Schwartz" <merlyn@...nehenge.com>,
	Emmanuel VERCHERE <emmanuel.verchere@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: targetted SSH bruteforce attacks

--On Thursday, June 17, 2010 09:38:02 -0700 "Randal L. Schwartz" 
<merlyn@...nehenge.com> wrote:

>>>>>> "Emmanuel" == Emmanuel VERCHERE <emmanuel.verchere@...il.com> writes:
>
> Emmanuel> SSH daemons using password auth exposed to the Internet _do_
> Emmanuel> get bruteforce attempts. I would not recommend moving it to a
> Emmanuel> different port than 22 as that would be of very, _very_ little
> Emmanuel> help - rather switch to public key auth (plus SPA if you're
> Emmanuel> paranoid), et voila.
>
> After being regularly nailed on my port 22, I *did* move it.  I've had
> only *one* attack since then, down by a factor of 20 or so.
>
> Yes, it's worth it to not be on port 22, as long as you're one of the
> few. :)  Remember, these bots are going for low-hanging fruit... it's
> not worth it for them to hit all 65k ports.
>
> Now, if we *all* move away from 22, your advice is more appropriate.

Of course if you do account provisioning correctly and configure your hosts 
securely, you're not exposed on port 22 either.  You just have to deal with the 
constant knocking at the door.  Some of us have simply learned to ignore it. 
It's just the background noise of the internet.

-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
