Educause Security Discussion mailing list archives
Re: SSH dictionary attack dictionary
From: Bruce Curtis <bruce.curtis () NDSU EDU>
Date: Tue, 11 Aug 2009 13:02:29 -0500
On Aug 10, 2009, at 5:57 PM, Andrew Daviel wrote:
I used to think these attempts were harmless given the throttling used by sshd, until we had a test server hit that was using "qazwsxedc". suggested mitigations include moving SSH off of port 22, dynamic blocking of guessing hosts (our approach), disabling password logins for root (but allowing keys), tunnelling everything through VPNs etc. etc.
Native transport mode IPsec is also an option. Or even the experimental Host Identity Protocol (HIP). http://www.openhip.org/about.html A quote from the article below. "With this configuration, we will no longer accept any non-IPsec packets fromguest.example.org, and will also send only IPsec packets to that host. Now that's what I call real network security." http://www.debian-administration.org/articles/37 Some other IPsec links. http://www.kame.net/newsletter/20001119/ http://slackbasics.org/html/ipsec.html http://www.felipe-alfaro.org/blog/2005/11/19/ipsec-transport-mode-with-x509-certificates/ http://lartc.org/howto/lartc.ipsec.html http://lartc.org/howto/lartc.ipsec.automatic.keying.html http://developer.apple.com/documentation/Darwin/Reference/Manpages/man8/setkey.8.html#/ /apple_ref/doc/man/8/setkey http://developer.apple.com/documentation/Darwin/Reference/Manpages/man8/racoon.8.html#/ /apple_ref/doc/man/8/racoon --- Bruce Curtis bruce.curtis () ndsu edu Certified NetAnalyst II 701-231-8527 North Dakota State University
Current thread:
- SSH dictionary attack dictionary Andrew Daviel (Aug 10)
- <Possible follow-ups>
- Re: SSH dictionary attack dictionary Patrick P Murphy (Aug 10)
- Re: SSH dictionary attack dictionary Brad Edmondson (Aug 10)
- Re: SSH dictionary attack dictionary Patrick P Murphy (Aug 11)
- Re: SSH dictionary attack dictionary John Kristoff (Aug 11)
- Re: SSH dictionary attack dictionary Bob Bayn (Aug 11)
- Re: SSH dictionary attack dictionary Chris Schenk (Aug 11)
- Re: SSH dictionary attack dictionary Louis Anthony Arminio (Aug 11)
- Re: SSH dictionary attack dictionary Di Fabio, Andrea (Aug 11)
- Re: SSH dictionary attack dictionary Bruce Curtis (Aug 11)
- Re: SSH dictionary attack dictionary Plesco, Todd (Aug 11)
- Re: SSH dictionary attack dictionary Andrew Daviel (Aug 11)