Ruminations on an SSH attack
Ted Roche
tedroche at tedroche.com
Mon Dec 19 09:04:01 EST 2005

Agreed with your settings, and adding a Port setting of other than
the default port 22 eliminates the log bloat from script kiddies.

Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com

On Dec 18, 2005, at 8:48 PM, Bill McGonigle wrote:
> On Dec 18, 2005, at 14:46, Bill Sconce wrote:
>
>> It didn't succeed, so far as I've
>> been able to tell)...
>
> I sleep better at night knowing my servers have these lines in them:
>
> Protocol 2
> PermitRootLogin no
> IgnoreRhosts yes
> PasswordAuthentication no
> AllowUsers ...
>
> These settings aren't right for everybody, but they are very right
> for most people I encounter and thwart most dictionary attacks,
> even against weak passwords. I do work at some places with insane
> password policies, and this helps a bit.
>
> The one time I did have to clean up after an ssh break was before I
> adopted this policy, exploited a weak user's password, and,
> fortunately was just limited to a compromise of that one account -
> an ircd was running and a rootkit wasn't installed (though
> certainty on the last point is always in question until you can do
> offline forensics).
>
>> OK, thousands of attempted logins - that's what a dictionary
>> attack IS.
>
> There have also been attempts to find OpenSSL vulnerabilities with
> scripts that look like a dictionary attack (the feint).
>
> -Bill
>
> -----
> Bill McGonigle, Owner Work: 603.448.4440
> BFC Computing, LLC Home: 603.448.1668
> bill at bfccomputing.com Cell: 603.252.2606
> http://www.bfccomputing.com/ Page: 603.442.1833
> Blog: http://blog.bfccomputing.com/
> VCard: http://bfccomputing.com/vcard/bill.vcf
>
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
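
An added example, not part of either post: a small auditor that checks an sshd_config against the settings quoted in the thread plus the non-default Port suggestion. It applies sshd's rule that the first value read for a keyword is the one used, so a hardening line appended below an earlier contrary line is reported as ineffective. The function names, sample configs and the accounts alice and bob are constructed for illustration.

```python
import re

# Baseline from the settings quoted in the thread. Protocol only matters on
# older OpenSSH releases that still support protocol 1.
BASELINE = {"protocol": "2", "permitrootlogin": "no",
            "ignorerhosts": "yes", "passwordauthentication": "no"}

def parse_global(text):
    """Collect keyword -> [values] from the global section of an sshd_config."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t]*=[ \t]*|[ \t]+", line, maxsplit=1)
        keyword = parts[0].lower()              # keywords are case-insensitive
        values.setdefault(keyword, []).append(parts[1] if len(parts) > 1 else "")
        if keyword == "match":                  # conditional blocks start here
            break
    return values

def audit(text):
    """Return a list of findings; an empty list means the baseline is met."""
    values = parse_global(text)
    findings = []
    for key, want in BASELINE.items():
        got = values.get(key, [None])[0]        # sshd keeps the first value it reads
        if got is None:
            findings.append(f"{key}: not set, built-in default applies")
        elif got.lower() != want:
            findings.append(f"{key}: {got} (baseline: {want})")
    if "allowusers" not in values:
        findings.append("allowusers: no user allow-list")
    if "22" in values.get("port", ["22"]):      # Port may be given more than once
        findings.append("port: listening on default port 22")
    if "match" in values:
        findings.append("match: conditional overrides present, review by hand")
    return findings

# Constructed sample: the hardening line was appended after an earlier "yes".
APPENDED = ("Port 22\nPasswordAuthentication yes\nProtocol 2\nPermitRootLogin no\n"
            "IgnoreRhosts yes\nPasswordAuthentication no\n")
# Constructed sample meeting the baseline; alice and bob are made-up accounts.
HARDENED = ("Port 2222\nProtocol 2\nPermitRootLogin no\nIgnoreRhosts yes\n"
            "PasswordAuthentication no\nAllowUsers alice bob\n")

if __name__ == "__main__":
    for name, cfg in (("appended", APPENDED), ("hardened", HARDENED)):
        print(name, audit(cfg) or "OK")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the parser above only reads the global section of the text it is given.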