Distributed SSH attack

krad kraduk at googlemail.com
Sat Oct 3 10:03:30 UTC 2009


2009/10/3 Jukka Ruohonen <jruohonen at iki.fi>

> On Fri, Oct 02, 2009 at 05:17:59PM -0400, Greg Larkin wrote:
> > You could set up DenyHosts and contribute to the pool of IPs that are
> > attempting SSH logins on the Net:
> > http://denyhosts.sourceforge.net/faq.html#4_0
>
> While I am well aware that a lot of people use DenyHosts or some equivalent
> tool, I've always been somewhat skeptical about these tools. Few issues:
>
> 1. Firewalls should generally be as static as is possible. There is a reason
>   why high securelevel prevents modifications to firewalls.
>
> 2. Generally you do not want some parser to modify your firewall rules.
>   Parsing log entries created by remote unauthenticated users as root is
>   never a good idea.
>
> 3. Doing (2) increases the attack surface.
>
> 4. There have been well-documented cases where (3) has opened opportunities
>   for both remote and local DoS.
>
> Two cents, as they say,
>
> Jukka.
> _______________________________________________
> freebsd-hackers at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
>

Simplest thing to do is disable password auth, and use key-based.
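
A check for the advice above, as an added example that is not part of the original message or of OpenSSH: it reads an sshd_config and lists every way a password-style login could still be accepted. The function names and sample config are constructed for illustration, and the defaults table assumes upstream OpenSSH defaults.

```python
import re

# Upstream OpenSSH defaults (assumption; a vendor build may ship different ones).
DEFAULTS = dict.fromkeys(("passwordauthentication", "kbdinteractiveauthentication",
                          "pubkeyauthentication"), "yes")
# Deprecated alias still common in 2009-era configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Constructed sample config, not taken from the thread.
SAMPLE = """\
PasswordAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication yes
Match User backup
    PasswordAuthentication yes
"""

def effective_settings(config_text):
    """Return (global settings, Match-block overrides) for the DEFAULTS keywords."""
    settings, overrides, in_match = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keywords are case-insensitive; "Keyword value" and "Keyword=value" both parse.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = value            # everything after this line is conditional
        elif key in DEFAULTS and in_match is not None:
            overrides.append((in_match, key, value))
        elif key in DEFAULTS:
            settings.setdefault(key, value)  # sshd keeps the first value it sees
    return {**DEFAULTS, **settings}, overrides

def audit(config_text):
    """List reasons why password-style logins could still be accepted."""
    eff, overrides = effective_settings(config_text)
    findings = []
    if eff["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if eff["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive (PAM password prompt) is not 'no'")
    if eff["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off: keys would not work")
    for cond, key, value in overrides:
        if key != "pubkeyauthentication" and value != "no":
            findings.append(f"Match {cond} re-enables {key}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "password logins are disabled")
```

On a live host, `sshd -T` prints the effective configuration, which also accounts for compiled-in defaults that this static check can only assume.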

