Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: shutting down dictionary attacks

from [Mojito Jones] Network Security [Permanent Link]
Subject: RE: shutting down dictionary attacks
Date: Wed, 6 Jul 2005 16:21:15 -0400 
You probably want to add a --syn to that rule otherwise you will effect
established (ie., your) connections.

 


-----Original Message-----
From: apacheroot@web.de [mailto:apacheroot@web.de] 
Sent: 06 July 2005 11:28
To: secureshell@securityfocus.com
Subject: Re: shutting down dictionary attacks




On not to busy boxes one could also use an iptables rule with 
limit something like

iptables -A INPUT -p tcp -dport 22 -m limit --limit 3/second 
--limit-burst 5 -j ACCEPT
iptables -A INPUT -p tcp -dport 22 -j Log --log-prefix "to much SSh"

Accept normal incoming ssh packets. But when a storm of 
connections comes in like password brute force. It gets 
logged. (One could also drop the packets after log so they 
don´t traverse down the chain till policy hits.)
Josh Grosse <josh@jggimi.homeip.net> schrieb am 06.07.05 16:38:45:


On Tue, Jul 05, 2005 at 02:56:25AM -0000, LD wrote:

The only problem with setting the max to 1 is that if 

you're running an

SSH key agent, your SSH program may attempt key 

authentication.  Each key

in the ring counts as 1 authentication try, so this could 

possibly cut you

off if you use keys.  Just a warning ;)  Easily fixed.


Thanks for the warning.

I am running with key authentication (RSA), but not with 

forwarding agents --

only X11 is tunnelled.  So MaxAuthTries 1 works fine with 

OpenSSH or Putty

clients.



______________________________________________________________
___________
Mit der Gruppen-SMS von WEB.DE FreeMail können Sie eine SMS an alle 
Freunde gleichzeitig schicken: 
http://freemail.web.de/features/?mc=021179
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  OpenSSH/kerberos compile problem., Mark Hannessen
Next by Date:  Re: shutting down dictionary attacks, Bartosz Krajnik
Previous by Thread:  Re: shutting down dictionary attacks, apacheroot
Next by Thread:  Re: shutting down dictionary attacks, Brian J. Woods
Indexes:  [Date] [Thread] [Top] [All Lists]