SecurityFocus

several news stories on Macs being zombies Jan 08 2007 04:03AM
kevhoy (kevhoy gmail com) (2 replies)

RE: several news stories on Macs being zombies Jan 08 2007 05:39PM
Spransy, Derek (DSPRANS emory edu) (1 replies)

Re: several news stories on Macs being zombies Jan 08 2007 06:58PM
gjgowey tmo blackberry net (3 replies)

Re: several news stories on Macs being zombies Jan 16 2007 07:32PM
David Fedoruk (david fedoruk gmail com) (2 replies)

Re: several news stories on Macs being zombies Jan 18 2007 03:23PM
Jeremy Reichman (jjracc rit edu) (1 replies)

Re: several news stories on Macs being zombies Jan 18 2007 03:34PM
Dave Schroeder (das doit wisc edu) (1 replies)

Re: several news stories on Macs being zombies Jan 18 2007 03:48PM
Jeremy Reichman (jjracc rit edu) (1 replies)

Re: several news stories on Macs being zombies Jan 18 2007 03:55PM
Philip Rinehart (philip rinehart yale edu) (1 replies)

Re: several news stories on Macs being zombies Jan 18 2007 04:05PM
Dave Schroeder (das doit wisc edu) (1 replies)

Re: several news stories on Macs being zombies Jan 18 2007 04:50PM
Jeremy Reichman (jjracc rit edu)

Re: several news stories on Macs being zombies Jan 17 2007 02:02AM
david (macosxforme gmail com) (1 replies)

RE: several news stories on Macs being zombies Jan 18 2007 03:16PM
Todd Woodward (todd_woodward symantec com) (1 replies)

Re: several news stories on Macs being zombies Jan 18 2007 03:32PM
Dave Schroeder (das doit wisc edu) (1 replies)

Re: several news stories on Macs being zombies Jan 18 2007 03:52PM
Dave Schroeder (das doit wisc edu)

Re: several news stories on Macs being zombies Jan 09 2007 06:57AM
Nerijus Krukauskas (nkrukauskas gmail com)

On 08/01/07, gjgowey (at) tmo.blackberry (dot) net [email concealed] <gjgowey (at) tmo.blackberry (dot) net [email concealed]> wrote:
> Password access via SSH should be banned. On my colo'd server I have public
> key authentication as the only valid authentication method enabled.
> However, I still notice numerous attempts in my log files of trying brute
> force attacks. I've seen upwards of over 1000+ tries from the same IP in
> some instances. SSH really needs better defense mechanisms against these
> script kiddies like a timeout for some period of time for an IP when they're
> trying an obvious brute force.

I hope you guys are aware of the very neat OpenSSH option
'MaxStartups'. IIRC it's a new feature of some recent OpenSSH
releases. Personally, I like it very much (and have it as low as 2 or
3). :)

Excerpt from 'man sshd_config':

MaxStartups
Specifies the maximum number of concurrent
unauthenticated connections to the SSH daemon. Additional connections
will be dropped until authentication succeeds or the LoginGraceTime
expires for a connection. The default is 10.

Alternatively, random early drop can be enabled by
specifying the three colon separated values ``start:rate:full'' (e.g.
"10:30:60"). sshd(8) will refuse connection attempts with a
probability of ``rate/100'' (30%) if there are currently ``start''
(10) unauthenticated connections. The probability increases linearly
and all connection attempts are refused if the number of
unauthenticated connections reaches ``full'' (60).

--
http://nk99.org/

[ reply ]

RE: several news stories on Macs being zombies Jan 09 2007 02:56AM
Spransy, Derek (DSPRANS emory edu) (1 replies)

Re: several news stories on Macs being zombies Jan 09 2007 02:50PM
david (macosxforme gmail com) (1 replies)

Re: several news stories on Macs being zombies Jan 09 2007 07:40PM
gjgowey tmo blackberry net

Re: several news stories on Macs being zombies Jan 08 2007 04:57PM
Dave Schroeder (das doit wisc edu)