Security Basics mailing list archives

Re: help:tool to bruteforce ssh connections

From: Mike Acker <macker () internap com>
Date: Thu, 7 May 2009 11:12:02 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It's actually a very effective attack speaking from first hand experience of 
a company we bought. You just need a good dictionary. Many companies do not 
ahve controls in place to detect scans from inside.

As for denyhosts, not everyone runs that. When you have 5000+ ssh servers, 
which are only assessible through a very small amount of gateways into your 
network, does it really make sense to run something like that on each host 
when router ACL's are already denying access? By having all access go though 
a few boxes its much easier to control, not to mention the IT support 
nightmare of running things like denyhosts on every server, i.e. people 
forget they are working as root and start trying to ssh in, etc.

I'de say run denyhosts just on your gateways/entry points, along with other 
below poster of good passwords, authentication such as TACACS, review 
logging, have daily ACL reports which easily pick out ssh scans, etc. 

Andy Harley <morphizer () gmail com> wrote [05.07.09]:

Is ssh brute forcing at all effective? Surely most people running an
ssh server would be wise to checking logs or running something similar
to denyhosts?

On Thu, May 7, 2009 at 3:15 AM, Aarón Mizrachi <unmanarc () gmail com> wrote:

On Miércoles 06 Mayo 2009 06:48:09 vibisreenivasan escribió:

hello,
      is there any tool to bruteforce ssh login.
regards
vibi


THC-Hydra.



------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec
Institute's Ethical Hacking class. Totally hands-on course with evening
Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified
Penetration Tester exams, taught by an expert with years of real pen
testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. 
Gain a laser like insight into what is covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. 
Gain a laser like insight into what is covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------


- -- 

Mike Acker, GIAC
Information Security Analysis
Internap Network Services, Inc.
(c) 206.226.9727


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iEYEARECAAYFAkoDJHEACgkQBFfbgm5FXkXu4ACcCAL8fJzk5V5ekuLVwK2p4ha6
qnIAn0ogu8WKovStApG38P3bS1NJn95+
=8l1o
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain 
a laser like insight into what is covered on the exam, with zero fluff! 

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------

Current thread:

help:tool to bruteforce ssh connections vibisreenivasan (May 06)
- Re: help:tool to bruteforce ssh connections Nikhil Wagholikar (May 06)
- Re: help:tool to bruteforce ssh connections Aarón Mizrachi (May 06)
  - Re: help:tool to bruteforce ssh connections Ell0 (May 07)
    - Re: help:tool to bruteforce ssh connections Mike Acker (May 07)
  - Re: help:tool to bruteforce ssh connections Andy Harley (May 07)
    - Re: help:tool to bruteforce ssh connections Aarón Mizrachi (May 07)
    - Re: help:tool to bruteforce ssh connections Mike Acker (May 08)
- <Possible follow-ups>
- Re: Re: help:tool to bruteforce ssh connections cy10 (May 08)
  - Re: help:tool to bruteforce ssh connections Gregory Boyce (May 11)
- Re: help:tool to bruteforce ssh connections v3nd3rs5uck (May 11)
  - Message not available
    - Message not available
    - Re: help:tool to bruteforce ssh connections kevin fielder (May 20)