Re: Brute force attacks

["Eric Stacey" <ejstacey () joyrex net>]

If you're talking about ssh brute-force attacks, you can stop/lessen
them a couple ways.

- Use key-based authentication only.
- Implement something like DenyHosts (
http://denyhosts.sourceforge.net/ ) and don't typo too many times (and
have a backup way in).

-Eric

> On 5/31/07, Ali, Saqib < docbook.xml () gmail com> wrote:
> > Brute force attack are common. I get tons of them every day. There is
> > not much you can do.
> >
> > saqib
> > http://www.full-disk-encryption.net
> >
> > On 5/31/07, Mohamad Mneimneh <Mohamad.Mneimneh () dargroup com > wrote:
> > > Hi List,
> > >
> > > I've been experiencing brute force dictionary attacks from various
> > > sources against my gateway. The attacker is trying all kinds of
> > > username/password combinations to get in.
> > >
> > > I have traced the source IP addresses on internet authorities such as
> > > Ripe, Arin & Apnic; the feedback I get is that "Country is really world
> > > wide". I then traced the IPs using visual route, and saw that their
> > > locations vary widely; some of them are in the US, some in China, others
> > > in Poland...
> > >
> > > What are my options in such a case? Have you ever experienced such a
> > > behavior? And what are the best practices that apply?
> > >
> > > Thank you,
> > >
> > > -Mohamad.
> > >
> >
> >
> > --
> > Saqib Ali, CISSP, ISSAP
> > http://www.full-disk-encryption.net
> >