Responding to a Brute Force SSH Attack
Jamie Riden

It was a bad start to a Monday morning: I arrived at work to find the intrusion detection system so bogged down in alerts that it was barely responsive.

Responding to a Brute Force SSH Attack 2008-12-23
Anonymous (1 replies)
Responding to a Brute Force SSH Attack 2009-01-27
Jansen Sena (jansen (at) jsena (dot) info [email concealed])
Responding to a Brute Force SSH Attack 2009-05-11
Anonymous
Port knocking, non-standard ports and black listing are failed strategies:

Port knocking just adds another password to guess; it gives some stealth but makes things much more complicated for your users.

Using a non-standard port doesn't change much. The first attack is nmap, and then you'll get the knowledge with a simple telnet:

beta$ telnet myhost 22
Trying 172.16.0.1...
Connected to myhost.examlpe.com.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.1p1 FreeBSD-20080901

And black listing? How about white listing: only permit the ranges you know need to contact your server. If you have no business in Romania, why do you allow them to SSH to your servers?

Link to this comment: http://www.securityfocus.com/comments/infocus/1903/1316#1316
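
The white listing suggested in the comment above can be checked against existing logs before it is enforced. The following is an added example, not part of the original comment or article: it replays sshd log lines against a candidate list of permitted ranges and reports which failed logins would have been dropped and which legitimate logins would be locked out. The ranges, user names and log lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumed permitted ranges (constructed; replace with your own known-good networks).
ALLOWED = [ipaddress.ip_network(n) for n in ("172.16.0.0/24", "192.0.2.0/28")]

# Constructed sample lines in OpenSSH's syslog message format.
SAMPLE_LOG = """\
Dec 22 03:14:07 myhost sshd[4121]: Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2
Dec 22 03:14:09 myhost sshd[4123]: Failed password for root from 203.0.113.45 port 51140 ssh2
Dec 22 03:14:12 myhost sshd[4127]: Failed password for invalid user test from 198.51.100.7 port 40022 ssh2
Dec 22 08:55:31 myhost sshd[5210]: Accepted password for alice from 172.16.0.23 port 60211 ssh2
Dec 22 09:02:44 myhost sshd[5302]: Failed password for alice from 172.16.0.23 port 60250 ssh2
Dec 22 09:30:02 myhost sshd[5410]: Accepted publickey for backup from 198.51.100.200 port 42110 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def is_allowed(ip, networks=ALLOWED):
    """True if ip falls inside any permitted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)

def audit(log_text, networks=ALLOWED):
    """Replay sshd auth events against the allowlist."""
    blocked_failures = Counter()  # failed logins the allowlist would have dropped
    inside_failures = Counter()   # failures from permitted ranges: still need other controls
    lockouts = set()              # successful logins the allowlist would break
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        try:
            allowed = is_allowed(m["ip"], networks)
        except ValueError:
            continue  # source logged as a hostname or malformed address
        if m["result"] == "Accepted":
            if not allowed:
                lockouts.add((m["user"], m["ip"]))
        elif allowed:
            inside_failures[m["ip"]] += 1
        else:
            blocked_failures[m["ip"]] += 1
    return {"blocked_failures": blocked_failures,
            "inside_failures": inside_failures,
            "lockouts": lockouts}
```

Any entry under `lockouts` is a source that must be added to the permitted ranges, or moved behind a VPN, before the filter goes live.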

Copyright 2009, SecurityFocus