[nycbug-talk] Fwd: Stopping SSH dictionary attacks?

Bob Ippolito bob
Tue Dec 21 16:02:11 EST 2004


On Dec 21, 2004, at 3:15 PM, G. Rosamond wrote:

> Begin forwarded message:
>
>> From: "Juan J. Martinez" <reidrac at usebox.net>
>> Date: December 21, 2004 1:14:29 PM EST
>> To: misc at openbsd.org
>> Subject: Re: Stopping SSH dictionary attacks?
>>
>>> One solution I'm considering is writing a script that parses authlog 
>>> every hour or so and adds any IPs with more than x failed login 
>>> attempts to ipcop/etc/hosts_deny, am I on the right track with this 
>>> (has someone already done it - I'm a big fan of not re-inventing the 
>>> wheel)?
>>
>> Actually I've done this... however I think its usefulness is limited 
>> (ie. scans from the same IP in different days are rare), but was fun 
>> to code.
>>
>> You can check it at (the package is ssh_blocker):
>> http://blackshell.usebox.net/pub/shell/
>
> This may be relevant to some earlier discussions about openssh 
> security and brute force/dictionary attacks.

It's probably more secure to just turn off PasswordAuthentication.  
Then you don't have to worry about dictionary attacks, and brute force 
wouldn't be feasible.

-bob





More information about the talk mailing list