Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Brute force attacks

from [David Bergert] Network Security [Permanent Link]
Subject: Re: Brute force attacks
Date: Thu, 31 May 2007 15:30:49 -0500
You don't state what type of system or service that you are detecting the events against....

for SSH here are some tips:
http://www.fduran.com/wordpress/defending-against-ssh-brute-force-attacks/

I personally run ssh on an alternative port to discourse automated scripts and run http://denyhosts.sourceforge.net/ to block ip's after a certain number of invalid attempts for a period of time. and this has stopped the noise in my /var/log/secure logs.

Regards,
DB
http://www.infosecblurb.com

Ali, Saqib wrote: 
Brute force attack are common. I get tons of them every day. There is
not much you can do.

saqib
http://www.full-disk-encryption.net

On 5/31/07, Mohamad Mneimneh <Mohamad.Mneimneh@dargroup.com> wrote: 
Hi List,

I've been experiencing brute force dictionary attacks from various
sources against my gateway. The attacker is trying all kinds of
username/password combinations to get in.

I have traced the source IP addresses on internet authorities such as
Ripe, Arin & Apnic; the feedback I get is that "Country is really world
wide". I then traced the IPs using visual route, and saw that their
locations vary widely; some of them are in the US, some in China, others
in Poland...

What are my options in such a case? Have you ever experienced such a
behavior? And what are the best practices that apply?

Thank you,

-Mohamad.




[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Brute force attacks, krymson
Next by Date:  Re: CCSP Self-Study, Sajed Naseem
Previous by Thread:  Re: Brute force attacks, Eric Stacey
Next by Thread:  Re: Brute force attacks, Manuel Arostegui Ramirez
Indexes:  [Date] [Thread] [Top] [All Lists]