[SDBUG] brute force ssh username search on my box

Peter Leftwich_Hostmaster Hostmaster at Video2Video.Com
Tue Apr 21 22:50:49 PDT 2009


**feels like he's missing something**

Can't a server's Admin set the box so that after (say) 5 incorrect ssh login
attempts, the daemon stalls for a preset time, before it is ready to accept
input again?  Not sure what this strategy is called, but would that not make
sense as a defense?

PL
On Tue, Apr 21, 2009 at 10:09 PM, Kevin Stevens <groups at pursued-with.net> wrote:

> On Apr 21, 2009, at 21:58, J. Cordaro wrote:
>
>> Hi,
>> I'm using rootbsd's Omicron package ($40/mo for Xen sharded Xeon E5420
>> - not bad).  The problem is I am getting hammered by ssh script kiddies.
>> Based on this doc:
>> http://www.freebsdwiki.net/index.php/Block_repeated_illegal_or_failed_SSH_logins
>> I've tweaked the ssh daemon and run a sweeper script to add the 'bad' ips
>> to pf's block list.  The questions are, 1) should the hosting service block
>> all this junk for me?  2) Should I change the ssh port?
>> Thanks,
>> Jay
>>
> 1)  Not unless you want them to and are paying for the service.
> 2)  My experience is it doesn't help much.  I have ssh responding on two
> ports at my location (one is to the firewall, one forwarded through to a
> bastion server), and I get about equal hits all day long on both service
> ports.  (shrug)
>
> Pick really strong passwords or use certs (better).
>
> KeS
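Jay's sweeper script and Peter's five-failure threshold, combined in an added example that is not from this thread: it parses sshd "Failed password" log lines, counts failures per source IP inside a time window, and builds the pfctl table commands a sweeper would run (the table name sshbrute and the syslog line layout are assumptions; nothing is executed).

```python
# Added example (not the thread's own code): count failed sshd logins per
# source IP and emit pf table commands once a source crosses a threshold.
# Assumptions: syslog-style sshd lines and a pf table "sshbrute" (hypothetical).
import re
from collections import defaultdict
from datetime import datetime

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)

def parse_failures(lines, year=2009):
    """Return a list of (timestamp, ip) for each failed-password line."""
    hits = []
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            hits.append((ts, m["ip"]))
    return hits

def offenders(hits, threshold=5, window_s=600):
    """IPs with >= threshold failures inside any window_s-second span."""
    per_ip = defaultdict(list)
    for ts, ip in sorted(hits):
        per_ip[ip].append(ts)
    bad = set()
    for ip, times in per_ip.items():
        start = 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                bad.add(ip)
                break
    return bad

def pf_commands(ips, table="sshbrute"):
    """Build the pfctl commands a sweeper would run; nothing is executed."""
    return [f"pfctl -t {table} -T add {ip}" for ip in sorted(ips)]

# Constructed sample log: one source fails six times in six minutes, another once.
SAMPLE_LOG = [
    f"Apr 21 22:0{i}:00 box sshd[100{i}]: Failed password for invalid user "
    f"admin from 203.0.113.7 port 5000{i} ssh2" for i in range(6)
] + ["Apr 21 22:10:00 box sshd[2000]: Failed password for jay from "
     "198.51.100.2 port 40000 ssh2"]

if __name__ == "__main__":
    print("\n".join(pf_commands(offenders(parse_failures(SAMPLE_LOG)))))
```

The single failure from 198.51.100.2 never reaches the threshold, so only the repeat offender is added to the table.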