Increase in SSH attacks as of announcement of rtld bug
Brett Glass
brett at lariat.org
Tue Dec 1 17:41:06 UTC 2009
Everyone:

I don't know if it's a coincidence, but I doubt it is: Since the
announcement of the rtld bug, we've seen a precipitous increase in
the number of SSH password guessing attacks on our systems.
Apparently, the folks who are mounting the attacks (usually via
botnets) have realized that if they get into a user shell account on
an unpatched system, they have effectively broken root.

It would be wise for all FreeBSD system administrators to set
AllowUsers as restrictively as possible in sshd_config, and also
(because the attacks can take a great toll on servers in terms of
CPU and other resources) consider other changes to "armor" their
systems against SSH attacks. It may be time, in fact, to consider
implementing single packet authentication as the default in SSH
servers and as a built-in feature in SSH clients. (Does anyone know
of a good SSH client that integrates a single packet authentication
system -- e.g. fwknop? I'm already seeking sources and a toolchain
so that I can try my hand at doing this for TeraTerm.)

--Brett Glass
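
An added example, not part of the original post: a small check of how restrictive the AllowUsers setting in an sshd_config actually is. The function name and the sample configurations are constructed for illustration; the check reads only the global section (it stops at the first Match block) and assumes repeated AllowUsers lines are cumulative.

```python
def audit_allowusers(config_text):
    """Return (patterns, findings) for the global section of an sshd_config."""
    patterns, findings = [], []
    for raw in config_text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue                      # blank line or comment
        keyword = parts[0].lower()        # sshd_config keywords are case-insensitive
        if keyword == "match":
            break                         # conditional blocks are out of scope here
        if keyword == "allowusers":
            patterns.extend(parts[1:])    # assumption: repeated lines accumulate
    if not patterns:
        # Without AllowUsers, logins are not limited to a named list of accounts.
        findings.append(("-", "no global AllowUsers line"))
    for pat in patterns:
        user, _, host = pat.partition("@")
        if "*" in user or "?" in user:
            findings.append((pat, "wildcard in user part"))
        if not host:
            findings.append((pat, "no @host restriction"))
    return patterns, findings


# Constructed sample configurations (addresses are documentation ranges).
UNSET = "Port 22\n#AllowUsers alice\nPasswordAuthentication yes\n"
LOOSE = "AllowUsers *\nallowusers bob\n"
TIGHT = (
    "AllowUsers alice@192.0.2.10 backup@192.0.2.*\n"
    "Match User deploy\n"
    "    AllowUsers *\n"
)

if __name__ == "__main__":
    for name, text in (("UNSET", UNSET), ("LOOSE", LOOSE), ("TIGHT", TIGHT)):
        pats, issues = audit_allowusers(text)
        print(name, pats)
        for pat, issue in issues:
            print("   ", pat, "->", issue)
```
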