Full Disclosure mailing list archives
Re: targetted SSH bruteforce attacks
From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Thu, 17 Jun 2010 15:19:18 -0500
--On Thursday, June 17, 2010 09:38:02 -0700 "Randal L. Schwartz" <merlyn () stonehenge com> wrote:

"Emmanuel" == Emmanuel VERCHERE <emmanuel.verchere () gmail com> writes:

Emmanuel> SSH daemons using password auth exposed to the Internet _do_
Emmanuel> get bruteforce attempts. I would not recommend moving it to a
Emmanuel> different port than 22 as that would be of very, _very_ little
Emmanuel> help - rather switch to public key auth (plus SPA if you're
Emmanuel> paranoid), et voila.

After being regularly nailed on my port 22, I *did* move it. I've had only *one* attack since then, down by a factor of 20 or so.

Yes, it's worth it to not be on port 22, as long as you're one of the few. :) Remember, these bots are going for low-hanging fruit... it's not worth it for them to hit all 65k ports.

Now, if we *all* move away from 22, your advice is more appropriate.

Of course if you do account provisioning correctly and configure your hosts securely, you're not exposed on port 22 either. You just have to deal with the constant knocking at the door.

Some of us have simply learned to ignore it. It's just the background noise of the internet.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/