[WBEL-users] kill ssh dictionary attacks
khaqq
khaqq at free.fr
Thu Mar 23 07:14:25 CST 2006
On Thu, 23 Mar 2006 22:29:02 +1000
"Graham Waring" <liverbird89 at hotmail.com> wrote:
> G'day everyone,
>
> Not just for whitebox but an email to pass on a link to a pretty cool python
> app for many linux's. Around this time last year this list was discussing
> this very issue and I hope this comes in handy for at least one of you. It
> has always annoyed the cr@p out of me each morning as I go through the logs
> on my linux servers to see attempted ssh connections using every username
> under the sun as some person tries to guess my passwords (dream on) and
> "own" my servers. I have used port knocking which is really good and works
> well, but I ssh to "lots" of remote linux boxes...and I just want to ssh in,
> sometimes as quick as possible without executing a port knock sequence. I
> use it on whitebox, centos, suse, debian and aurora with no problems. It
> just works and when I see "connection refused" in the logs, I declare out
> loud how good it is (even if nobody is listening). Anyway, check out:
> http://www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts
> I hope this is of some use to those who are suffering from the overnight
> ssh attempts.
> Sorry if this list is supposed to be whitebox only related chat, I am just
> passing on something that may help.
>
> Cheers
> Graham
Hi Graham and list,
Interesting tool, to say the least. The synchronisation mode looks especially
useful. However, if I was in the business of breaking ssh boxes using
dictionary attacks, I would use a botnet as proxy, making detection harder
(but not impossible).
Using denyhosts is akin to using an antivirus on Win32 boxes: you're well
protected against known virii, but not at all against a new outbreak. Your
defense lags the attack, and there is still a period during which you're
vulnerable.
The knockd daemon, while still imperfect IMHO, provides a better protection,
but maybe that's just me.
Cheers
khaqq
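
The point raised in this reply, that blocking by source address lags an attack spread across many hosts, shown as an added example (not part of the original thread and not DenyHosts' own code): a per-source failure threshold run over constructed sshd log lines, next to a count of the failures that stay under it. The log lines, addresses, threshold of 5 and function names are all assumptions.

```python
import re
from collections import Counter

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def make_sample():
    """Constructed auth-log lines (OpenSSH syslog style, documentation IP ranges)."""
    lines = ["Mar 23 03:09:58 host sshd[1999]: Accepted password for alice "
             "from 203.0.113.5 port 39999 ssh2"]
    # One noisy source: six guesses from a single address.
    for i, user in enumerate(["admin", "test", "guest", "oracle", "mysql", "ftp"]):
        lines.append(f"Mar 23 03:10:{i:02d} host sshd[{2000 + i}]: Failed password "
                     f"for invalid user {user} from 192.0.2.10 port {40000 + i} ssh2")
    # Distributed guessing: eight addresses, two attempts each, all against root.
    for i in range(16):
        lines.append(f"Mar 23 03:11:{i:02d} host sshd[{2100 + i}]: Failed password "
                     f"for root from 198.51.100.{i % 8 + 1} port {41000 + i} ssh2")
    return lines

def parse_failures(lines):
    """Return (user, source_ip) for every failed-password line."""
    return [m.groups() for m in map(FAILED.search, lines) if m]

def per_source_offenders(failures, threshold=5):
    """Addresses a per-source threshold would block (threshold is an assumption)."""
    counts = Counter(ip for _, ip in failures)
    return {ip for ip, n in counts.items() if n >= threshold}

def residual(failures, blocked):
    """Failures the per-source block list never sees: (attempts, sources, top user)."""
    rest = [(u, ip) for u, ip in failures if ip not in blocked]
    top_user = Counter(u for u, _ in rest).most_common(1)
    return len(rest), len({ip for _, ip in rest}), top_user[0] if top_user else None

if __name__ == "__main__":
    failures = parse_failures(make_sample())
    blocked = per_source_offenders(failures)
    print("blocked by per-source threshold:", sorted(blocked))
    print("attempts, sources, top target left over:", residual(failures, blocked))
```

Counting failures per targeted account across all sources surfaces the spread-out guessing that no single address reveals, which is a detection signal rather than a block list.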