| |||||||||||||
Distributed brute force ssh attacksDistributed brute force ssh attacksPosted Oct 24, 2009 19:47 UTC (Sat) by dmk (subscriber, #50141)In reply to: Distributed brute force ssh attacks by DG Parent article: Distributed brute force ssh attacks
for small usage sites there is also portknocking:
http://www.portknocking.org/
which scans access-patterns to closed ports and reacts to it.
(Log in to post comments)
Distributed brute force ssh attacks Posted Oct 24, 2009 19:51 UTC (Sat) by DG (subscriber, #16978) [Link]
Yes - portknocking is fine for technically able users - I somehow doubt I'd be able to get a random end user to telnet (or whatever) to a couple of ports before they could connect via SSH.
Having to "Log into a firewall" seems much easier for them to grasp - there is no need for them to install any software or do anything 'new'.
Distributed brute force ssh attacks Posted Oct 25, 2009 11:21 UTC (Sun) by oak (subscriber, #2786) [Link]
You could provide users a script that does the port-knocking or "firewall
login" for them + a desktop icon for the script.
And then use a modified denyhosts to monitor failed ssh login attempts
Distributed brute force ssh attacks Posted Oct 25, 2009 14:41 UTC (Sun) by DG (subscriber, #16978) [Link]
Yes - this could work - however it requires distribution of software; my/our approach doesn't....
Each to their own; I'm sure many solutions are better than one :)
|
|||||||||||||