Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Advice on dealing with scripted SSH attacks?

from [Tevfik Karagülle] Network Security [Permanent Link]
Subject: RE: Advice on dealing with scripted SSH attacks?
Date: Tue, 28 Mar 2006 22:04:47 +0200 

http://denyhosts.sf.net  might be for you.

Tev

http://itefix.no/copssh 


-----Original Message-----
From: Zembower, Kevin [mailto:kzembowe@jhuccp.org] 
Sent: 28. mars 2006 16:13
To: secureshell@securityfocus.com
Subject: Advice on dealing with scripted SSH attacks?

What's the current advice on dealing with scripts that 
repeatedly try to log onto SSH using a list of common 
usernames and 'password' for the password? I get up to 4,000 
of these a day from a single server. In searching Google on 
this, I've learned of techniques using PAM and firewall rules 
that are created dynamically in response to log-in attempts.

Can someone point out a link or tell me what they think are 
the best practices for dealing with this? Sooner or later, 
one of my users is going to have the unfortunate combination 
of a common user name and a bad password. 

Ideally, what I'd like would be a system that exponentially 
increases the timeout period after each repeated failed login 
attempt from the same host up to a maximum of 10-20 minutes 
before resetting.

Thanks for your advice.

-Kevin Zembower
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: SFTP only, Jeff Rosowski
Next by Date:  RE: Advice on dealing with scripted SSH attacks?, Stowe, Will
Previous by Thread:  Advice on dealing with scripted SSH attacks?, Zembower, Kevin
Next by Thread:  RE: Advice on dealing with scripted SSH attacks?, Stowe, Will
Indexes:  [Date] [Thread] [Top] [All Lists]