Rundown on SSH Brute Force Attacks
An anonymous reader writes "Whitedust has a very interesting article on the recent SSH brute force attacks. The article goes into depth on how to monitor these attacks and to report them to the authorities. It also discusses various tools that are available. According to the article, mostly compromised Linux systems from outside of North America are responsible for the attacks. Even the author's DSL connection was getting break-in attempts."
What next? (Score:4, Insightful)
I think the idea is (Score:2, Insightful)
The idea is old, but the attempt is new (Score:5, Insightful)
Other Slashdot readers are reporting the same effect: a recent rise in brute-force, scripted attacks, possibly by compromised boxes.
Most accounts of all sorts remain secure simply because they're obscure, and it's tempting to be lulled by past successes. We always knew that this was possible, but the fact that somebody is actually doing it is news.
surprising, just May 2005 (Score:3, Insightful)
Re:As always... (Score:5, Insightful)
Use AllowUsers and only have accounts that I want logging in. If some package/whatever creates an account and I don't know, it can't be exploited.
Any login not in that list just gets a Password: prompt over and over...
If my sshd_config gets changed I'm probably going to know.
The article states "200 to 300 times per day"...
This is only one box out of 63 for one day:
Authentication Failures:
unknown (xxxx.ip.secureserver.net): 2214 Time(s)
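As an added example (not from the Whitedust article or any poster here), the script below does in Python what the summary lines above do by hand: it reads sshd log lines, counts failed passwords per source address and per user name, separates guesses at non-existent ("invalid user") accounts, counts rejections by AllowUsers in both the older log format quoted in this thread and the newer one that includes "from <addr>", and lists sources that cross a failure threshold or that have both failures and a successful login. The log lines, the addresses (RFC 5737 documentation ranges) and the threshold are constructed for the example.

```python
"""Added example: tally sshd authentication failures from syslog-style log lines."""
import re
from collections import Counter

# Constructed sample log lines (not from the page); addresses come from the
# RFC 5737 documentation ranges, so they identify no real host.
SAMPLE_LOG = """\
May 10 03:14:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
May 10 03:14:03 host sshd[1203]: Failed password for invalid user test from 203.0.113.5 port 40131 ssh2
May 10 03:14:05 host sshd[1205]: Failed password for invalid user root from 203.0.113.5 port 40140 ssh2
May 10 03:14:07 host sshd[1207]: User root not allowed because not listed in AllowUsers
May 10 03:14:09 host sshd[1209]: Failed password for invalid user oracle from 198.51.100.77 port 51012 ssh2
May 10 03:14:11 host sshd[1211]: User root from 198.51.100.77 not allowed because not listed in AllowUsers
May 10 08:00:00 host sshd[1300]: Accepted publickey for unprivguy from 192.0.2.10 port 50000 ssh2
May 10 08:00:10 host sshd[1301]: Failed password for unprivguy from 192.0.2.10 port 50001 ssh2
"""

FAILED_RE = re.compile(
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")
# Older sshd releases log the AllowUsers rejection without the source (the form
# quoted in this thread); newer ones add "from <addr>", so the source is optional.
ALLOWUSERS_RE = re.compile(
    r"User (?P<user>\S+)(?: from (?P<src>\S+))? not allowed because not listed in AllowUsers")
ACCEPTED_RE = re.compile(
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port \d+")


def summarize(log_text, threshold=100):
    """Return counters describing authentication activity in log_text.

    threshold: number of failures from one source at or above which it is
    listed under "suspects" (a constructed value; pick one for your own volume).
    """
    by_source = Counter()
    by_user = Counter()
    invalid_users = Counter()
    rejected = Counter()
    accepted = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            by_source[m["src"]] += 1
            by_user[m["user"]] += 1
            if m["invalid"]:
                invalid_users[m["user"]] += 1
            continue
        m = ALLOWUSERS_RE.search(line)
        if m:
            rejected[m["user"]] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            accepted.append((m["method"], m["user"], m["src"]))
    succeeded = {src for _, _, src in accepted}
    return {
        "failures_by_source": by_source,
        "failures_by_user": by_user,
        "invalid_users": invalid_users,
        "allowusers_rejects": rejected,
        "accepted": accepted,
        "suspects": sorted(s for s, n in by_source.items() if n >= threshold),
        # A source that both failed and then logged in is worth a human look.
        "review": sorted(succeeded & set(by_source)),
    }


def report(summary):
    """Print a short logwatch-like summary, the layout the post's excerpt resembles."""
    print("Authentication Failures:")
    for src, n in summary["failures_by_source"].most_common():
        print(f"   {src}: {n} Time(s)")
    print("Invalid user names tried:", ", ".join(sorted(summary["invalid_users"])) or "none")
    for user, n in summary["allowusers_rejects"].items():
        print(f"   {user} rejected by AllowUsers: {n} Time(s)")
    print("Sources at or above threshold:", summary["suspects"] or "none")
    print("Sources with both failures and a successful login (review):", summary["review"] or "none")


if __name__ == "__main__":
    report(summarize(SAMPLE_LOG, threshold=3))
```

Run it against your own auth log by feeding the file contents to summarize(); the "review" list is the one to read first, since a source that guessed and then got in is the only case that is not just noise.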
Re:As always... (Score:1, Insightful)
security through obscurity -> let the ssh daemon listen on a different port; most* automated scripts will fail.
*none so far, as far as I've seen.
It's not the best security, but it will work fine if you're not a big player. And it will make it a bit harder for the script kiddies.
[use this advice at your own risk]
add AllowUsers to /etc/ssh/sshd_config (Score:4, Insightful)
AllowUsers unprivguy *@*.mydomain.com *@localhost
You still see the attempts in your logs, but now you also see:
User root not allowed because not listed in AllowUsers
20th Century Authority (Score:5, Insightful)
The authorities
Better we should self-organize our collective defense.
Peer-to-peer government -- making the nation-state obsolete, one node at a time
-kgj
Re:As always... (Score:4, Insightful)
Why do people use ssh with passwords? (Score:2, Insightful)
Re:As always... (Score:3, Insightful)
If you want to access your home PC use RSA/DSA keys instead. This cuts out all brute force attacks once and for all.
Alternatively use PAM/RADIUS and SecurID. You can buy managed SecurID service for under $100 per token per year. Costs money, but works fairly well.
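As an added example (not from the article or any poster), here is a small Python audit of an sshd_config for the settings this thread recommends: key-only logins with PasswordAuthentication off, no root logins, an AllowUsers list like the one shown above, and a non-default port. The three configurations are constructed for the example. It also shows two caveats a practitioner would want: sshd keeps the first value it reads for each keyword, so appending "PasswordAuthentication no" under an earlier "yes" changes nothing, and with PAM in use keyboard-interactive authentication can still prompt for a password unless ChallengeResponseAuthentication (KbdInteractiveAuthentication in newer releases) is also off. Directives after a Match line are deliberately out of scope here.

```python
"""Added example: audit an sshd_config for the settings recommended in the thread."""

# Constructed sample configurations (not from the page).
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
"""

HARDENED_CONFIG = """\
Port 2222
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers unprivguy *@*.mydomain.com *@localhost
"""

# A common mistake: appending "PasswordAuthentication no" to a file that already
# says "yes" higher up. sshd keeps the FIRST value it reads for each keyword.
APPENDED_CONFIG = """\
PasswordAuthentication yes
Port 2222
PermitRootLogin no
ChallengeResponseAuthentication no
AllowUsers unprivguy
# added later in the hope of turning passwords off; sshd ignores it
PasswordAuthentication no
"""


def parse_sshd_config(text):
    """Map lowercased keyword -> value for the global section of an sshd_config.

    Only the first occurrence of a keyword is kept, matching sshd's own rule.
    Parsing stops at the first Match line (assumption: conditional blocks are
    out of scope for this check), and only whole-line '#' comments are handled.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)   # first value wins
    return settings


def setting(cfg, keyword, default=None):
    """Lowercased value of keyword, or default when it is not set."""
    value = cfg.get(keyword.lower())
    return value.lower() if value is not None else default


def audit(text):
    """Return a list of (code, message) findings; an empty list means all checks pass."""
    cfg = parse_sshd_config(text)
    findings = []
    if setting(cfg, "PasswordAuthentication") != "no":
        findings.append(("password-auth",
                         "PasswordAuthentication is not 'no': guessed passwords can log in"))
    if setting(cfg, "PubkeyAuthentication", "yes") == "no":
        findings.append(("no-pubkey", "PubkeyAuthentication no: key logins are disabled"))
    # With PAM in use, keyboard-interactive can still ask for a password unless
    # this is off too (the keyword was later renamed KbdInteractiveAuthentication).
    if not (setting(cfg, "ChallengeResponseAuthentication") == "no"
            or setting(cfg, "KbdInteractiveAuthentication") == "no"):
        findings.append(("kbd-interactive",
                         "ChallengeResponse/KbdInteractiveAuthentication not 'no': "
                         "PAM may still prompt for a password"))
    if setting(cfg, "PermitRootLogin") != "no":
        findings.append(("root-login", "PermitRootLogin is not 'no'"))
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append(("no-allowlist",
                         "no AllowUsers/AllowGroups: every account on the box is a login target"))
    if setting(cfg, "Port", "22") == "22":
        findings.append(("default-port",
                         "listening on 22: moving the port cuts scanner noise but is not a security control"))
    return findings


def codes(text):
    """Just the finding codes, in check order."""
    return [code for code, _ in audit(text)]


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG), ("appended", APPENDED_CONFIG)):
        print(name, codes(cfg) or "OK")
```

Feed it the text of your own /etc/ssh/sshd_config to get the same finding list; the "appended" sample is the case to remember, because the file looks hardened on a quick read and yet still accepts passwords.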
Re:As always... (Score:2, Insightful)