Security Basics mailing list archives
Re: SSH server under attack...
From: gmHumfrey () yahoo com
Date: 26 Jan 2006 04:21:06 -0000
When a machine I support was getting a significant number of ssh password attempts I went searching and found a utility called Daemonshield (http://sourceforge.net/projects/daemonshield/ ) . You can configure it to block the IP address that the attempts are coming from, for a time period that you specify. In the case of the aforementioned system, I set the parameters to 5 attempts locks out for 24 hours. If the system you are supporting as more public requirements you may have to set the lockout value a little higher. In this case, your attacker will likely try different IP addresses, but at 5 attempts per IP address per 24 hours (or whatever you set) they aren't going to get anywhere fast. Please be aware your attacker can still flood your system with attempts and create a DoS . Best Regards Mike Webb --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: SSH server under attack..., (continued)
- Re: SSH server under attack... Matt Alexander (Jan 26)
- Re: SSH server under attack... unixadmin99 (Jan 26)
- Re: SSH server under attack... xyberpix (Jan 30)
- Re: SSH server under attack... Kenton Smith (Jan 25)
- Re: SSH server under attack... Timothy Hall (Jan 26)
- Re: SSH server under attack... hytham . a (Jan 26)
- Re: Re: SSH server under attack... bob (Jan 26)
- Re: SSH server under attack... pg_vlad (Jan 26)
- RE: SSH server under attack... Beauford, Jason (Jan 26)
- RE: SSH server under attack... Byrd, Gregory (Jan 26)
- Re: SSH server under attack... gmHumfrey (Jan 26)