
Distributed brute force ssh attacks


Posted Oct 24, 2009 19:47 UTC (Sat) by dmk (subscriber, #50141)
In reply to: Distributed brute force ssh attacks by DG
Parent article: Distributed brute force ssh attacks

For small usage sites there is also portknocking:
http://www.portknocking.org/

which scans access patterns to closed ports and reacts to them.



Distributed brute force ssh attacks

Posted Oct 24, 2009 19:51 UTC (Sat) by DG (subscriber, #16978)

Yes - portknocking is fine for technically able users - I somehow doubt I'd be able to get a random end user to telnet (or whatever) to a couple of ports before they could connect via SSH.

Having to "Log into a firewall" seems much easier for them to grasp - there is no need for them to install any software or do anything 'new'.

Distributed brute force ssh attacks

Posted Oct 25, 2009 11:21 UTC (Sun) by oak (guest, #2786)

You could provide users a script that does the port-knocking or "firewall
login" for them + a desktop icon for the script.

And then use a modified denyhosts to monitor failed ssh login attempts
from the IP addresses for which the firewall opened a port. Denyhosts
could then e.g. mail the IT admin when too many failed attempts are
noticed. They can then verify (e.g. by phone) that it's the user itself
failing to log in (too many times) and not user or user's machine or home
network being compromised...
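
The monitoring idea in the comment above, sketched as an added example (not code from the thread and not denyhosts itself): count failed ssh logins only for addresses the firewall has already opened a port for, and produce an alert for the admin once a threshold is reached. The function names, the threshold, the set of opened addresses and the log lines are all constructed assumptions; the log lines follow OpenSSH's usual "Failed password" format.

```python
import re
from collections import Counter

# Constructed sample data (assumption, not from the thread): addresses the
# firewall has opened port 22 for, and sshd log lines in OpenSSH's format.
OPENED_IPS = {"198.51.100.7", "203.0.113.20"}
SAMPLE_LOG = """\
Oct 25 11:02:01 gw sshd[411]: Failed password for alice from 198.51.100.7 port 50122 ssh2
Oct 25 11:02:09 gw sshd[411]: Failed password for alice from 198.51.100.7 port 50122 ssh2
Oct 25 11:02:15 gw sshd[413]: Failed password for invalid user admin from 198.51.100.7 port 50130 ssh2
Oct 25 11:03:40 gw sshd[420]: Accepted password for bob from 203.0.113.20 port 40110 ssh2
Oct 25 11:04:02 gw sshd[425]: Failed password for bob from 203.0.113.20 port 40114 ssh2
Oct 25 11:05:00 gw sshd[430]: Failed password for root from 192.0.2.99 port 33000 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def failures_from_opened(log_text, opened_ips):
    """Count failed logins per (ip, user), only for firewall-opened IPs."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m and m.group(2) in opened_ips:
            counts[(m.group(2), m.group(1))] += 1
    return counts

def alerts(log_text, opened_ips, threshold=3):
    """Return one alert message per opened IP at or above the threshold."""
    per_ip = Counter()
    users = {}
    for (ip, user), n in failures_from_opened(log_text, opened_ips).items():
        per_ip[ip] += n
        users.setdefault(ip, set()).add(user)
    return [
        f"{ip}: {n} failed ssh logins after firewall login "
        f"(users tried: {', '.join(sorted(users[ip]))})"
        for ip, n in sorted(per_ip.items()) if n >= threshold
    ]

if __name__ == "__main__":
    for msg in alerts(SAMPLE_LOG, OPENED_IPS):
        print(msg)  # a real deployment would mail this to the IT admin
```

Failures from addresses that never passed the firewall step are ignored here on purpose, since the closed port already handles them; several usernames tried from one opened address is the detail worth raising in the phone check.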

Distributed brute force ssh attacks

Posted Oct 25, 2009 14:41 UTC (Sun) by DG (subscriber, #16978)

Yes - this could work - however it requires distribution of software; my/our approach doesn't....

Each to their own; I'm sure many solutions are better than one :)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.