I love IP Tables....

Wolfgang S. Rupprecht wolfgang.rupprecht+gnus200705 at gmail.com
Sat May 26 20:16:49 UTC 2007


  
Tom Rivers <tom at impact-crater.com> writes:
> The best thing I've found to protect against brute-force SSH attacks is
> something called fail2ban:

Such programs help you save the CPU time of sshd answering the
connection from a single abusive host, but would do little against a
distributed botnet attack.  Luckily botnets aren't really used against
sshd yet, but if they were you'd potentially be seeing distributed
guessing attacks from 10,000 different hosts.  If they all took turns
to guess a single password in round-robin fashion, the filters would
never trip.  I don't know if any of the attacking hosts are
cooperating, but I already see a few time-adaptive attacks, where the
attacker returns after an increasing amount of time to try to stay
under the wire.

(Right now spam pays off more, so the money is in using botnets to
send direct spam.  At some point it may pay off more to use
compromised sshd hosts, so the economics may change.)

-wolfgang
-- 
Wolfgang S. Rupprecht                http://www.wsrcc.com/wolfgang/
Hints for IPv6 on FC6 http://www.wsrcc.com/wolfgang/fedora/ipv6-tunnel.html
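
Added example, not part of the original message: a sketch of the point made above, where a per-source threshold bans a single noisy host but never trips on hosts that take turns, while a count of distinct failing sources inside the same window does. The log format (an epoch-seconds prefix instead of a syslog timestamp), the thresholds, the function names and the addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Matches the "Failed password" message sshd logs; the leading epoch field is a constructed simplification.
FAILED = re.compile(r"^(\d+) sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse(lines):
    """Yield (epoch_seconds, user, source_ip) for each failed-login line."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            yield int(m.group(1)), m.group(2), m.group(3)

def per_source_bans(events, max_retry=5, window=600):
    """Per-IP filter: ban a source after max_retry failures within window seconds."""
    recent, banned = defaultdict(deque), set()
    for ts, _user, ip in events:
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= max_retry:
            banned.add(ip)
    return banned

def distributed_alerts(events, min_sources=20, window=600):
    """Aggregate view: timestamps at which >= min_sources distinct IPs failed within window."""
    recent, alerts = deque(), []
    for ts, _user, ip in events:
        recent.append((ts, ip))
        while recent and ts - recent[0][0] > window:
            recent.popleft()
        if len({src for _, src in recent}) >= min_sources:
            alerts.append(ts)
    return alerts

def sample_log():
    """Constructed log: 40 hosts guess once each (round-robin), one host guesses 6 times."""
    lines = [f"{1000 + 10 * i} sshd[{2000 + i}]: Failed password for root from 198.51.100.{i + 1} port 40000 ssh2"
             for i in range(40)]
    lines += [f"{1005 + 10 * i} sshd[{3000 + i}]: Failed password for invalid user admin from 203.0.113.9 port 41000 ssh2"
              for i in range(6)]
    return sorted(lines, key=lambda l: int(l.split()[0]))

if __name__ == "__main__":
    events = list(parse(sample_log()))
    print("per-source bans:", per_source_bans(events))
    print("first distributed alert at t =", distributed_alerts(events)[0])
```

The aggregate alert is a signal for a human or a rate limiter, not a ban list: it says the server is being guessed at from many sources, which the per-source counter cannot express.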