[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Re: Any update on SSH brute force attempts?

To: Jay Libove <libove-fulldisc@xxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Re: Any update on SSH brute force attempts?
From: Tim <tim-security@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 16 Oct 2004 10:05:36 -0400

> And the few present users attempted:
> adm
> apache
> nobody
> operator
> root


In addition to what others have suggested, you could use PAM to enforce
account lockouts in the event that the attacker does focus the attempts
on a real account.  The Linux module for this is pam_tally.  You can
also put an unlock script on a cron job to then prevent DoS of all of
your accounts.  Not perfect, but effective.

hth,
tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Any update on SSH brute force attempts?
  - From: Jay Libove
- [Full-Disclosure] Re: Any update on SSH brute force attempts?
  - From: Jay Libove

Prev by Date: [Full-Disclosure] Senior M$ member says stop using passwords completely!
Next by Date: RE: [Full-Disclosure] Re: Any update on SSH brute force attempts?
Previous by thread: [Full-Disclosure] Re: Any update on SSH brute force attempts?
Next by thread: RE: [Full-Disclosure] Re: Any update on SSH brute force attempts?
Index(es):
- Date
- Thread