Re: shutting down dictionary attacks

perhaps it can help ... :
http://aplawrence.com/Security/sshloginattack.html

G.

2005/7/5, Guillaume Vissian <somebodyishere@gmail.com>:
> Arf, yes you must be right... i didn't take care of the OS... Also i
> don't understand those attacks... Have somebody any idea ?
>
> 2005/7/5, Brian J. Woods <brianjwd@gmail.com>:
> > Guillaume Vissian wrote:
> >
> > > With reflexion PAM is for sure responsible of this, i think the sshd
> > > is still connected to PAM who is responsible of password login, i
> > > think that disconnect sshd from PAM maybe a way to stop those kind of
> > > attack, another way is that script kiddies directly launch a password
> > > AND login command and due to the config are immediately rejected, but
> > > it's log. A way to stop that attacks is to run sshd on another port
> > > and to hide it, but i don't know how you can hidden sshd...
> > >
> > > 2005/7/4, Josh Grosse <josh@jggimi.homeip.net>:
> > >
> > >
> > > > On Mon, Jul 04, 2005 at 11:03:15AM -0500, Brian J. Woods wrote:
> > > >
> > > >
> > > >
> > > > > Look at documentation for sshd for StrictMode, the time writing this I
> > > > > didn't have the time. Also MaxAuthTries, try changing the value from the
> > > > > one you have to see if that changes things a bit. I think the problem
> > > > > you have is not so trivial, but this should be an interesting thread on
> > > > > ways to handle this.
> > > > The default for StrictMode is "yes" -- but it just checks users files to
> > > > determine if they're world writeable.  I'm not sure how it would apply.
> > > >
> > > > I'm setting MauxAuthTries to 1, the default is 6.
> > > >
> > > > You're right.  This is certainly interesting.
> > I don't think OpenBSD uses PAM.