Bugtraq mailing list archives
Re: brute force
From: buckaroo () 2600 com (Buckaroo Banzai)
Date: Tue, 16 Jul 1996 17:33:17 -0400
On Thu, 11 Jul 1996 02:54:52 (-0400) Jacob Langseth <jacob () esisys com> said:
} Interestingly,
} o It is the ssh client that disconnects after the first failure.
} o Sshd (v1.2.13, at least) will allow unlimited password attempts
} and does not produce logs regarding the failure(s).

Ok, here's a fix: (against 1.2.14)

--- sshd.c.~1~ Thu Jun 6 04:39:34 1996 +++ sshd.c Tue Jul 16 11:41:04 1996 @@ -1247,6 +1247,7 @@ char *client_user; unsigned int client_host_key_bits; MP_INT client_host_key_e, client_host_key_n; + int chances = 3; /* Verify that the user is a valid user. We disallow usernames starting with any characters that are commonly used to start NIS entries. */ @@ -1463,6 +1464,11 @@ break; } debug("Password authentication for %.100s failed.", user); + if (--chances < 0) { + debug("Too many password attempts for %.100s.", user); + packet_disconnect("Too many password attempts."); + /* NOTREACHED */ + } memset(password, 0, strlen(password)); xfree(password); break;

} o Ssh is often allowed through otherwise restrictive filters or firewalls.

Not where I'm currently working. I've had to set up a tight-binding proxy for the service on a telnet port.

} This makes ssh a bit more appealing for brute-force cracks than one might
} first suspect...

Agreed. I should actually extend this to notify the shadow library of a failed login attempt, and get it to log it in faillog. That way at least the user is made aware that someone has been trying to get in...

Buckaroo.

--
If I had something funny to say down here, you'd know it.
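Review bot: in the first hunk, `chances` is a local of the authentication routine, so the limit is per connection and resets on every reconnect; it caps guesses per TCP session, not per account, and a client that simply reconnects after each disconnect is not slowed at all. A comment next to `int chances = 3;` should say so, and it is why the faillog/shadow notification mentioned later in the message (or rate limiting at the listener) is still needed on top of this patch.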
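Review bot: the check in the second hunk is off by one relative to the intent: with `chances` starting at 3, `if (--chances < 0)` only fires on the fourth failed password, so four guesses are allowed per connection; `if (--chances <= 0)` gives the three the initialiser suggests. Also, `packet_disconnect()` does not return (the `/* NOTREACHED */` says as much), so on that path the `memset(password, 0, strlen(password));` and `xfree(password);` that follow the new block never run and the cleartext password is left in memory at exit; move the zeroing and free above the check. Finally, the failure is still reported only through `debug()`, which does not answer the quoted complaint that sshd produces no logs for failed attempts; route it through the server's regular (non-debug) logging so it reaches syslog in normal operation.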