Educause Security Discussion mailing list archives

Re: SSH dictionary attack dictionary


From: Bruce Curtis <bruce.curtis () NDSU EDU>
Date: Tue, 11 Aug 2009 13:02:29 -0500

On Aug 10, 2009, at 5:57 PM, Andrew Daviel wrote:

I used to think these attempts were harmless given the throttling
used by sshd, until we had a test server hit that was using
"qazwsxedc".


suggested mitigations include moving SSH off of port 22, dynamic
blocking of guessing hosts (our approach), disabling password logins
for root (but allowing keys), tunnelling everything through VPNs
etc. etc.



  Native transport mode IPsec is also an option.  Or even the
experimental Host Identity Protocol (HIP).

  http://www.openhip.org/about.html


  A quote from the article below.

"With this configuration, we will no longer accept any non-IPsec
packets from guest.example.org, and will also send only IPsec packets
to that host. Now that's what I call real network security."


http://www.debian-administration.org/articles/37


  Some other IPsec links.

  http://www.kame.net/newsletter/20001119/

  http://slackbasics.org/html/ipsec.html

  http://www.felipe-alfaro.org/blog/2005/11/19/ipsec-transport-mode-with-x509-certificates/

  http://lartc.org/howto/lartc.ipsec.html

  http://lartc.org/howto/lartc.ipsec.automatic.keying.html

  http://developer.apple.com/documentation/Darwin/Reference/Manpages/man8/setkey.8.html#//apple_ref/doc/man/8/setkey

  http://developer.apple.com/documentation/Darwin/Reference/Manpages/man8/racoon.8.html#//apple_ref/doc/man/8/racoon






---
Bruce Curtis                         bruce.curtis () ndsu edu
Certified NetAnalyst II                701-231-8527
North Dakota State University
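A minimal form of the "dynamic blocking of guessing hosts" mitigation mentioned above, added here as an illustration and not code from anyone in this thread: it reads OpenSSH "Failed password" lines, keeps a sliding window of failures per source address, and reports the addresses that cross a threshold. The log lines, addresses, threshold and window are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth.log lines (hypothetical hosts and addresses).
SAMPLE_LOG = """\
Aug 10 17:50:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Aug 10 17:50:03 host sshd[1202]: Failed password for root from 203.0.113.7 port 40124 ssh2
Aug 10 17:50:05 host sshd[1203]: Failed password for root from 203.0.113.7 port 40126 ssh2
Aug 10 17:50:06 host sshd[1204]: Accepted publickey for alice from 198.51.100.9 port 51000 ssh2
Aug 10 17:50:08 host sshd[1205]: Failed password for root from 203.0.113.7 port 40128 ssh2
Aug 10 17:50:09 host sshd[1206]: Failed password for root from 203.0.113.7 port 40130 ssh2
Aug 10 17:59:00 host sshd[1207]: Failed password for bob from 198.51.100.9 port 51002 ssh2
"""

# Matches the syslog timestamp, the attempted user, and the source address of a failed password login.
FAIL_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)


def parse_ts(stamp, year=2009):
    """Syslog timestamps carry no year, so one is supplied (assumed here)."""
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def hosts_to_block(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: time_threshold_was_crossed} for addresses with
    at least `threshold` failed password logins inside a sliding `window`."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    blocked = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:                 # successful logins and unrelated lines are ignored
            continue
        ts, ip = parse_ts(m.group(1)), m.group(3)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures that have aged out
            q.popleft()
        if len(q) >= threshold and ip not in blocked:
            blocked[ip] = ts
    return blocked


if __name__ == "__main__":
    for ip, when in hosts_to_block(SAMPLE_LOG).items():
        print(f"block {ip} (threshold crossed at {when:%H:%M:%S})")
```

In practice the block decision would feed a firewall rule with an expiry, and successful logins from an address could be used to whitelist it before the threshold is applied.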
