Distributed SSH attack
kraduk at googlemail.com
Sat Oct 3 10:03:30 UTC 2009
2009/10/3 Jukka Ruohonen <jruohonen at iki.fi>
> On Fri, Oct 02, 2009 at 05:17:59PM -0400, Greg Larkin wrote:
> > You could set up DenyHosts and contribute to the pool of IPs that are
> > attempting SSH logins on the Net:
> > http://denyhosts.sourceforge.net/faq.html#4_0
> While I am well aware that a lot of people use DenyHosts or some equivalent
> tool, I've always been somewhat skeptical about these tools. Few issues:
> 1. Firewalls should generally be as static as is possible. There is a
> reason why high securelevel prevents modifications to firewalls.
> 2. Generally you do not want some parser to modify your firewall rules.
> Parsing log entries created by remote unauthenticated users as root is
> never a good idea.
> 3. Doing (2) increases the attack surface.
> 4. There have been well-documented cases where (3) has opened opportunities
> for both remote and local DoS.
> Two cents, as they say,
Simplest thing to do is disable password auth, and use key based.
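
An added check for the advice above, not part of the original thread: `PasswordAuthentication no` alone does not end password guessing if keyboard-interactive authentication (often backed by PAM) stays enabled or a `Match` block turns passwords back on. The Python below audits sshd_config text for those cases; the defaults are assumed to be upstream OpenSSH's, the function names are hypothetical, and the sample configs are constructed.

```python
import re

# Assumed upstream OpenSSH defaults; a vendor build may ship different ones.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample inputs, not taken from any real host.
SAMPLE_WEAK = """\
PasswordAuthentication no
passwordauthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""
SAMPLE_HARDENED = """\
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
"""

def effective_settings(config_text):
    """Return (global settings, [(match criteria, keyword, value), ...])."""
    seen, overrides, match = {}, [], None
    for raw in config_text.splitlines():
        m = re.match(r"(\w+)[\s=]+(.+)", raw.strip())
        if not m:                      # blank line, comment, or bare keyword
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        key = ALIASES.get(key, key)
        if key == "match":             # everything below belongs to this block
            match = value
        elif key in DEFAULTS and match is not None:
            overrides.append((match, key, value.lower()))
        elif key in DEFAULTS:
            seen.setdefault(key, value.lower())  # sshd uses the first value it reads
    return {**DEFAULTS, **seen}, overrides

def audit(config_text):
    """List every setting that still lets a password be tried."""
    settings, overrides = effective_settings(config_text)
    findings = [f"global {k} is {settings[k]}"
                for k in ("passwordauthentication", "kbdinteractiveauthentication")
                if settings[k] != "no"]
    if settings["pubkeyauthentication"] != "yes":
        findings.append("global pubkeyauthentication is not yes")
    findings += [f"Match {c} sets {k} {v}" for c, k, v in overrides
                 if k != "pubkeyauthentication" and v != "no"]
    return findings
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; this parser is for reviewing a config file offline.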