The Optimum Attack Rate For SSH Bruteforce? Once Every Ten Seconds - Slashdot

Catch up on stories from the past week (and beyond) at the Slashdot story archive

×

The Optimum Attack Rate For SSH Bruteforce? Once Every Ten Seconds 167

Posted by Unknown Lamer on Friday April 06, 2012 @02:16PM from the and-that's-why-you-use-denyhosts dept.

badger.foo writes "Remember the glacially slow Hail Mary Cloud SSH bruteforcers? They're doing speedup tweaks and are preparing a comeback, some preliminary data reported by Peter Hansteen appear to indicate. The optimum rate of connections seems to be 1 per ten seconds, smack in the middle of the 'probably human' interval."

This discussion has been archived. No new comments can be posted.

The Optimum Attack Rate For SSH Bruteforce? Once Every Ten Seconds

Search 167 Comments Log In/Create an Account

Comments Filter:

WTF, Editors? (Score:0, Insightful)

by Anonymous Coward writes: on Friday April 06, 2012 @02:23PM (#39600011)

WTF is a "Hail Mary Cloud"?
I clicked the link in the summary, which talks about something I'm supposed to "remember", but must have missed the first time it was discussed. That goes to another summary that also doesn't explain what it is, but also mentions that it's been discussed before. Then I click the link on that summary and I get a big long page of information.
Does anyone review submissions at all before they go live?

Share
twitter facebook
Re:Passwords are for philistines (Score:4, Insightful)

by aztracker1 ( 702135 ) writes: on Friday April 06, 2012 @02:26PM (#39600083) Homepage

RSA key/pair is something you have... you still need something you are, and something you know... Once someone has your key, it's no more secure than your password. A trojan can read local files, just as easily, if not more so than snoop for a password.

Parent Share
twitter facebook
Re:Passwords are for philistines (Score:5, Insightful)

by 0racle ( 667029 ) writes: on Friday April 06, 2012 @02:35PM (#39600193)

If you have a trojan keylogger, you probably don't have to worry about SSH bruteforcing.

Parent Share
twitter facebook
Re:Passwords are for philistines (Score:5, Insightful)

by nine-times ( 778537 ) writes: <nine.times@gmail.com> on Friday April 06, 2012 @03:00PM (#39600521) Homepage

Once someone has your key, it's no more secure than your password.
Whether the token is something you know, something you are, or something you have, it *all* becomes useless once someone else has it. That's not really the issue here. The issue is brute-force attacks on SSH, and using a key makes them significantly more difficult than passwords.
Stealing someone's key/password is not a brute-force attack.

Parent Share
twitter facebook
Re:Funny, I was tweakin' my firewall this morning (Score:5, Insightful)

by Culture20 ( 968837 ) writes: on Friday April 06, 2012 @03:20PM (#39600803)

That's only useful if there's one attacker IP. TFA is talking about a botnet doing the attacking. Hundreds, if not thousands of IPs per minute. The only way to "protect" against that with iptables is to have iptables block all incoming on port 22 from any address. But then you're left with a DDoS where your ssh port is down nearly all the time. Same deal with locking accounts; if hundreds of attempts occur per minute, a lot of accounts can be locked out as a DDoS, intentionally or not.

Parent Share
twitter facebook
Re:Seems Easy To Detect (Score:5, Insightful)

by TheRaven64 ( 641858 ) writes: on Friday April 06, 2012 @04:33PM (#39601581) Journal

The problem is that botnets have a lot of IP addresses. They can do one try from one machine then another from the next. If you disable the account entirely after a certain number of failed logins, you've just created a simple DoS attack. If you disable it just from that IP, it doesn't matter because it will just try from another. There are some realtime block lists that you can use to reject things, but these add another attack route that can let someone who can spoof DNS prevent you from logging in to your own machine...

Parent Share
twitter facebook
Re:Passwords are for philistines (Score:5, Insightful)

by nine-times ( 778537 ) writes: <nine.times@gmail.com> on Friday April 06, 2012 @04:54PM (#39601803) Homepage

That's nice in theory and all, but it depends on what that "something you are" is. Essentially we're talking about biometrics, so what are we measuring? Is it a thumbprint scan? Those have been defeated in the past by taking a thumbprint and replicating it by some means. Is it a DNA scan? Then they might just need to get ahold of your DNA.
Really, the "something you are" is still "something you have", but you "have" it attached to your body. That doesn't necessarily mean it can't be stolen or replicated somehow. Similarly, the "something you know" can also be considered to be "something you have", but you "have" it in your mind. In some circumstances, it can still be figured out or retrieved, or you might be tricked into providing it.
Real security isn't quite as simple as you make it sound.

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

390 comments32-Hour Workweek for America Proposed by Senator Bernie Sanders
358 commentsWhat Should Happen to Empty Downtown Office Spaces?
340 commentsHacktivism Erupts In Response To Hamas-Israel War
324 comments'Feedback' Is Now Too Harsh. The New Word is 'Feedforward'
248 commentsWorkers are Resisting Calls to Return to Offices

Old programmers never die, they just hit account block limit.