4 billion IP addresses, biggest botnets are of the order of 1 million machines. The default on
denyhosts is something like 10 fails per IP address.
There are 26^5 = 11 million 5-character lowercase passwords.
There are 26^7 = 8 billion 7-character lowercase passwords.
Ubuntu does not install an ssh server by default. Which consumer distros do?
Ubuntu also, by default, does not have a root user, so if you want to brute force you have to
guess a username as well.
Crazy idea:
What if, once in 10 times, when an ssh login failed, the ssh server pretended that it has
succeeded, and gave a pretend shell that did nothing? Would that confuse the crackers?
Brute-Force SSH Server Attacks Surge (InformationWeek)
Posted May 14, 2008 16:37 UTC (Wed) by pr1268 (subscriber, #24648)
What if, once in 10 times, when an ssh login failed, the ssh server pretended that it has succeeded, and gave a pretend shell that did nothing? Would that confuse the crackers?
What you describe sounds like a variation of a honeypot. Interesting concept, IMO, but I'm certain that whatever functionality incorporated in this "pretend" shell would necessarily be a small subset of what a real shell could contain.
Taking your idea further, how about a completely "functional" pretend shell whose programs and commands are all faked as well.... Sounds like a lot of work just to snoop on the bad guys, but a peculiarly interesting idea nevertheless...