Login Delay

Andrew W. Gaunt quantum at lucent.com
Fri Jun 24 11:09:00 EDT 2005


Cole Tuininga wrote:

>On Fri, 2005-06-24 at 08:46 -0400, Dan Jenkins wrote:
>
>>Andrew W. Gaunt wrote:
>>
>>>Does anyone on this list know of a way to add a delay to the login
>>>prompt when an unauthorized user attempts to access my Linux
>>>box via ssh (port 22)? I've got this port open on the firewall/router
>>>and try to use good passwords and all that.. logwatch reports a
>>>number of unsuccessful attempts daily, I just want to make
>>>it just that much harder and more painful for the bad guys.
>>
>>There's a short discussion on the subject here:
>>http://www.webservertalk.com/archive91-2004-10-389670.html
>>
>>As the largest number of SSH attempts in my logs are due to scripted 
>>probes, you won't make it particularly more painful (unless you 
>>anthropomorphize your attacker's computers ;-). Depending on the method 
>>you use, you could even DoS yourself.
>
>I think this misses the OP's original point.  I believe what they are
>looking for is a way to have the sshd take a couple seconds before
>replying on an incorrect password.  The effect of which would be that it
>takes an automated (or non-automated) script much longer to cycle
>through various possible combinations.
>
>It sounds like a reasonably effective method, presuming the attack isn't
>multi-threaded/process.  
>
>Unfortunately, I don't know the answer as to how to do it off the top of
>my head.  8)

Yes, that's it. I'd like a simple way to waste the bad guys' CPU time which
has the added benefit of causing them to use my bandwidth at a slower
rate (since their CPU is waiting, assuming not multi-thread). If the delay
approaches infinity asymptotically that would be cool too.
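
As an added illustration of the delay idea discussed in this thread (not code from any of the posters, and not an sshd feature): a Python example that replays constructed sshd log lines and computes a reply delay that doubles with each consecutive failure from the same source address, up to a cap. The function names, the 1-second base and the 300-second cap are assumptions chosen for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual sshd syslog format (not from the thread).
SAMPLE_LOG = """\
Jun 24 08:01:02 box sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 4021 ssh2
Jun 24 08:01:03 box sshd[2102]: Failed password for root from 192.0.2.10 port 4022 ssh2
Jun 24 08:01:04 box sshd[2103]: Failed password for root from 192.0.2.10 port 4023 ssh2
Jun 24 08:02:10 box sshd[2110]: Failed password for andy from 198.51.100.7 port 5001 ssh2
Jun 24 08:02:15 box sshd[2111]: Accepted password for andy from 198.51.100.7 port 5002 ssh2
Jun 24 08:03:00 box sshd[2120]: Failed password for root from 192.0.2.10 port 4024 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?\S+ from (\S+) port")

def delay_for(failures, base=1.0, cap=300.0):
    """Seconds to stall the reply after the n-th consecutive failure (doubling, capped)."""
    return 0.0 if failures < 1 else min(cap, base * 2 ** (failures - 1))

def replay(log_text, base=1.0, cap=300.0):
    """Return {source: [delay applied to each failed attempt]}, tracked per source address."""
    streak = defaultdict(int)      # consecutive failures per source
    applied = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        outcome, src = m.groups()
        if outcome == "Accepted":
            streak[src] = 0        # a good login clears that source's penalty
        else:
            streak[src] += 1
            applied[src].append(delay_for(streak[src], base, cap))
    return dict(applied)

def wall_clock(guesses, connections=1, base=1.0, cap=300.0):
    """Total stall time for `guesses` failures if the streak were counted per
    connection instead of per source (the multi-threaded caveat in the thread)."""
    per_conn = -(-guesses // connections)   # ceiling division
    return sum(delay_for(n, base, cap) for n in range(1, per_conn + 1))

if __name__ == "__main__":
    for src, delays in replay(SAMPLE_LOG).items():
        print(src, delays)
    print(wall_clock(100), wall_clock(100, connections=10))
```

Because the streak is keyed by source address, the penalty built up by one address does not slow logins from another, which limits the self-inflicted DoS mentioned earlier in the thread. The `wall_clock` comparison shows why the counter should not be kept per connection.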






