Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: shutting down dictionary attacks

from [Brian J. Woods] Network Security [Permanent Link]
Subject: Re: shutting down dictionary attacks
Date: Fri, 08 Jul 2005 13:37:43 -0500 
apacheroot@web.de wrote:


On not to busy boxes one could also use an iptables rule with limit 
something like

iptables -A INPUT -p tcp -dport 22 -m limit --limit 3/second --limit-burst 5 -j 
ACCEPT
iptables -A INPUT -p tcp -dport 22 -j Log --log-prefix "to much SSh"

Accept normal incoming ssh packets. But when a storm of connections comes in like password brute force. It gets logged. (One could also drop the packets after log so they don´t traverse down the chain till policy hits.)
Josh Grosse <josh@jggimi.homeip.net> schrieb am 06.07.05 16:38:45:


On Tue, Jul 05, 2005 at 02:56:25AM -0000, LD wrote:


The only problem with setting the max to 1 is that if you're running an
SSH key agent, your SSH program may attempt key authentication. Each key
in the ring counts as 1 authentication try, so this could possibly cut you
off if you use keys. Just a warning ;) Easily fixed.


Thanks for the warning.

I am running with key authentication (RSA), but not with forwarding agents --
only X11 is tunnelled. So MaxAuthTries 1 works fine with OpenSSH or Putty
clients.




_________________________________________________________________________
Mit der Gruppen-SMS von WEB.DE FreeMail können Sie eine SMS an alle Freunde gleichzeitig schicken: http://freemail.web.de/features/?mc=021179







Can you do this in pf?

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: shutting down dictionary attacks, Bartosz Krajnik
Next by Date:  ssh password *and* key, yyyyy50
Previous by Thread:  RE: shutting down dictionary attacks, Mojito Jones
Next by Thread:  Re: shutting down dictionary attacks, Darren Tucker
Indexes:  [Date] [Thread] [Top] [All Lists]