[Eug-lug] source of ssh scanner

Jason chanjb at yahoo.com
Wed Aug 25 12:23:53 PDT 2004


--- Po Petz <po at ciphermonkeys.org> wrote:
<snip>
> You'd also have to be running OpenSSH with
> "PermitRootLogin yes" for all
> the checkauth("root",,) calls, no?
</snip>

Unfortunately, the default for OpenSSH is yes for
PermitRootLogin. My experience is that most folks
don't perform a lot of sshd configuration - if it
works out of the box, they go with it.

A good countermeasure for brute force attacks of most
sorts is fiddling with the # of login attempts allowed
and/or the wait time between unsuccessful logins.
These tend to wreak havoc with automated tools. 

For ssh, you can use MaxAuthTries to limit the number
of auth attempts that are allowed before disconnect.
Once the number of bad attempts reaches half this
number, bad logins are then logged. So, you can tweak
it to 1 or 2 and make things much more difficult for
the attacker while simultaneously getting better
insight into who's attempting to use your box.

Jason
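
An added example, not part of the original post: a small audit of the two sshd_config directives discussed above. It relies on sshd's rule that keywords are case-insensitive and the first occurrence wins, and it looks only at the global section. The function names and the threshold of 2 (taken from the "1 or 2" advice) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config for
# PermitRootLogin and MaxAuthTries.
# Assumption: MaxAuthTries above 2 is flagged, per the "1 or 2" advice above.

# effective_value FILE KEYWORD -> value sshd takes from the global section.
# Keywords are case-insensitive and the first occurrence wins; lines after a
# "Match" keyword are conditional overrides and are not considered here.
effective_value() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                      # drop comments
        NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE -> prints one line per directive; returns 1 on findings.
audit_sshd_config() {
    findings=0
    root=$(effective_value "$1" PermitRootLogin)
    tries=$(effective_value "$1" MaxAuthTries)
    case "$root" in
        no|prohibit-password|without-password|forced-commands-only)
            echo "OK   PermitRootLogin $root" ;;
        "") echo "WARN PermitRootLogin unset, compiled-in default applies"
            findings=1 ;;
        *)  echo "WARN PermitRootLogin $root"
            findings=1 ;;
    esac
    case "$tries" in
        "") echo "WARN MaxAuthTries unset, default is 6"; findings=1 ;;
        *[!0-9]*) echo "WARN MaxAuthTries $tries is not a number"; findings=1 ;;
        *)  if [ "$tries" -le 2 ]; then echo "OK   MaxAuthTries $tries"
            else echo "WARN MaxAuthTries $tries exceeds 2"; findings=1; fi ;;
    esac
    return "$findings"
}

# Constructed sample: the later "PermitRootLogin no" is shadowed by the first line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
permitrootlogin yes   # constructed sample, not a real host
PermitRootLogin no
MaxAuthTries 2
Match User backup
    MaxAuthTries 10
EOF
audit_sshd_config "$sample" || echo "findings in $sample"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration including compiled-in defaults, which covers the "unset" case this file-based check can only flag.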



		

