[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Any update on SSH brute force attempts?
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] Any update on SSH brute force attempts?
- From: James Riden <j.riden@xxxxxxxxxxxx>
- Date: Sat, 16 Oct 2004 14:57:31 +1300
Jay Libove <libove@xxxxxxxxxxx> writes:
> What are you doing/changing about your SSH configurations to reduce the
> possibility of these attacks finding any kind of hole in the OpenSSH
> software (that's what I run, so that's the only version I'm particularly
> concerned about) ? Are you doing anything at all?
One or more of the following, depending on local requirements:
* Run on a non-standard port - this will stop brain-dead scanning programs
* Use key-based auth instead of passwords
* Restrict what IP addresses are allowed to connect (at your firewall)
* Disable root logins
* Use john or crack to audit password strength
* Use logwatch or similar to monitor failed login attempts
* Make a honeypot and see what techniques people are trying out
(Everyone's forcing version 2 of the protocol, right?)
cheers,
Jamie
--
James Riden / j.riden@xxxxxxxxxxxx / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html