Full Disclosure mailing list archives

Re: Re: Any update on SSH brute force attempts?


From: Tim <tim-security () sentinelchicken org>
Date: Sat, 16 Oct 2004 10:05:36 -0400

And the few present users attempted:
adm
apache
nobody
operator
root


In addition to what others have suggested, you could use PAM to enforce
account lockouts in the event that the attacker does focus the attempts
on a real account.  The Linux module for this is pam_tally.  You can
also put an unlock script on a cron job to then prevent DoS of all of
your accounts.  Not perfect, but effective.

hth,
tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
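Added example, not part of Tim's message: a small model of the lockout behaviour suggested above, run over sshd log lines to show which real accounts a guessing run would lock and which guesses hit names with no account. The log lines are constructed, and the `deny` threshold and the `simulate_tally` name are assumptions; this is a model of a failure counter, not pam_tally itself.

```python
import re
from collections import Counter

# Constructed sample sshd log lines; addresses are from documentation ranges.
SAMPLE_LOG = """\
Oct 16 09:58:01 host sshd[4101]: Failed password for root from 192.0.2.10 port 40111 ssh2
Oct 16 09:58:03 host sshd[4102]: Failed password for illegal user test from 192.0.2.10 port 40112 ssh2
Oct 16 09:58:05 host sshd[4103]: Failed password for operator from 192.0.2.10 port 40113 ssh2
Oct 16 09:58:07 host sshd[4104]: Failed password for root from 192.0.2.10 port 40114 ssh2
Oct 16 09:58:09 host sshd[4105]: Failed password for operator from 192.0.2.10 port 40115 ssh2
Oct 16 09:59:30 host sshd[4106]: Accepted password for operator from 198.51.100.5 port 51000 ssh2
Oct 16 09:59:41 host sshd[4107]: Failed password for invalid user test from 192.0.2.10 port 40116 ssh2
Oct 16 09:59:43 host sshd[4108]: Failed password for root from 192.0.2.10 port 40117 ssh2
Oct 16 09:59:45 host sshd[4109]: Failed password for operator from 192.0.2.10 port 40118 ssh2
Oct 16 09:59:47 host sshd[4110]: Failed password for apache from 192.0.2.10 port 40119 ssh2
Oct 16 09:59:49 host sshd[4111]: Failed password for invalid user guest from 192.0.2.10 port 40120 ssh2
"""

# Older OpenSSH releases log "illegal user", newer ones "invalid user".
FAILED = re.compile(r"sshd\[\d+\]: Failed password for "
                    r"(?P<bad>(?:invalid|illegal) user )?(?P<user>\S+) from (?P<ip>\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from ")

def simulate_tally(log_text, deny=3):
    """Return (locked, unknown): accounts that reach `deny` failures mapped to
    the source address of the failure that tripped the lock, and a count of
    guesses against names that have no account (these can never lock)."""
    tally, unknown, locked = Counter(), Counter(), {}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user = m.group("user")
            if m.group("bad"):
                unknown[user] += 1
                continue
            tally[user] += 1
            if tally[user] >= deny and user not in locked:
                locked[user] = m.group("ip")
            continue
        m = ACCEPTED.search(line)
        if m and m.group("user") not in locked:
            tally[m.group("user")] = 0  # a successful login resets the counter
    return locked, unknown

if __name__ == "__main__":
    locked, unknown = simulate_tally(SAMPLE_LOG)
    print("would be locked:", locked)
    print("guesses at missing accounts:", dict(unknown))
```

Any account listed as locked stays unusable for its legitimate owner until it is reset, which is the denial-of-service window the periodic unlock job is meant to bound.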

