Re: SSH Cracking Attempts

From: Jacob S (stormspotter_at_6Texans.net)
Date: 09/29/04

    Date: Wed, 29 Sep 2004 16:08:53 -0500
    To: debian-user@lists.debian.org
    
    

    On Wed, 29 Sep 2004 21:55:59 +0200
    Matthijs <vanaalten@hotmail.com> wrote:

    > On Wed, 29 Sep 2004 21:10:24 +0200, Jacob S <stormspotter@6Texans.net>
    > wrote:
    >
    > > So, my question is this. Is there a way to tell ssh to refuse
    > > connections from an IP address after a certain number of failed
    > > login attempts, or is snort the only way to do something like this?
    > > So far I've been taking the manual approach, blocking the IP address
    > > with my firewall after I see it hitting the logs, but that can give
    > > them about an hour to play before I notice it (e-mailed to me by
    > > logcheck).
    >
    > It's not really what you're asking, but:
    > In the Dutch computer magazine C't, I read an article a few months ago
    > about protecting your computer using a port knocking system. If I
    > remember correctly, you can close a port (your SSH port, for example)
    > and only open it when a pre-defined pattern of access attempts on a
    > pre-defined port (unused for applications) is applied. The SSH port
    > can then be set to open in your firewall, perhaps only for the
    > IP address that performed the knocking sequence.

    Hmm... You're right, it's not what I'm looking for, but it still sounds
    like a good concept. I'd be interested in learning more about that, if
    not for this use with ssh, I have a couple other applications it could
    work with on servers.

    > That way, the SSH port is closed and only someone who knows the
    > appropriate port knocking sequence can open the port - and then set up
    > an SSH session. Your ssh logfile should then no longer show up illegal
    > access attempts.
    >
    > Some applications were named in the article - if you want, I can look
    > them up and post the names.

    Yes, please. Unfortunately, I can't read Dutch. :-)

    Thanks,
    Jacob
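
Added example, not part of the original thread: one way to automate the manual step described above, by counting failed sshd password attempts per source address in a sliding window and listing the addresses to hand to the firewall. The sample log lines are constructed, and the threshold (3 failures in 10 minutes), the function names `parse_failure` and `offenders`, and the assumed year are illustrative choices.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchored at end of line with a greedy user field: the user name is chosen by
# the remote side and may itself contain " from <ip> port <n>", so only the
# final "from ... port ..." written by sshd is trusted as the source address.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"port \d+(?: ssh\d)?$"
)

# Constructed sample lines (documentation addresses), not taken from the thread.
SAMPLE = """\
Sep 29 15:01:02 host sshd[811]: Failed password for illegal user test from 192.0.2.44 port 40112 ssh2
Sep 29 15:01:05 host sshd[813]: Failed password for root from 192.0.2.44 port 40115 ssh2
Sep 29 15:01:09 host sshd[815]: Failed password for illegal user guest from 192.0.2.44 port 40120 ssh2
Sep 29 15:02:00 host sshd[820]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Sep 29 15:30:00 host sshd[900]: Failed password for alice from 198.51.100.7 port 51010 ssh2
Sep 29 15:31:00 host sshd[901]: Accepted password for alice from 198.51.100.7 port 51011 ssh2
Sep 29 15:40:00 host sshd[950]: Failed password for illegal user a from 203.0.113.9 port 1 ssh2 from 192.0.2.80 port 40200 ssh2
""".splitlines()

def parse_failure(line, year=2004):
    """Return (timestamp, source_ip) for a failed-password line, else None."""
    m = FAILED.match(line)
    if not m:
        return None
    # syslog timestamps carry no year, so the caller supplies one
    return datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["ip"]

def offenders(lines, max_failures=3, window=timedelta(minutes=10)):
    """Map each IP to the time it reached max_failures within the window."""
    recent, flagged = defaultdict(deque), {}
    for ts, ip in filter(None, map(parse_failure, lines)):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            flagged.setdefault(ip, ts)
    return flagged

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE).items():
        print(f"{when:%b %d %H:%M:%S} block candidate: {ip}")
```

The lines must be fed in chronological order, as they appear in the log. The last sample line shows why the pattern is anchored at the end: the address embedded in the user name is ignored, so a remote client cannot get an unrelated address blocked.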
