I love IP Tables.... (really sshd attacks)
Wolfgang S. Rupprecht
wolfgang.rupprecht+gnus200705 at gmail.com
Fri May 25 22:50:09 UTC 2007
"jdow" <jdow at earthlink.net> writes:
> The common attack is a dictionary attack with several attempts a second.
> So of course, they get one shot to crack a password, usually for <snicker>
> root, which is dumb to begin with. After that first attempt they are
> blocked for the rest of their run.
Why not just disallow unix-passwords in ssh? No passwords, no
dictionary attack. Guessing an RSA 1k passowrd by trying each should
keep them busy for quite a long time. (many, many times the lifetime
of the universe even if they can test multiple billions per second.)
Here is a page I wrote years ago when sshd attacker wee starting to
hammer a machine I help run in a university setting. I couldn't be
sure that the users actually had good passwords. This fixed the
problem because it really don't matter at all what passwords they
chose. Ssh never uses those passwords on the wire. The only thing
that matters is the 1k number the computer chose for them.
http://www.wsrcc.com/wolfgang/sshd-config.html
-wolfgang
--
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
Hints for IPv6 on FC6 http://www.wsrcc.com/wolfgang/fedora/ipv6-tunnel.html
More information about the users
mailing list