Re: [opensuse] Coordinated, distributed ssh attacks?

---

• From: Greg Freemyer <greg.freemyer@xxxxxxxxx>
• Date: Mon, 5 Oct 2009 16:03:54 -0400

---

On Mon, Oct 5, 2009 at 2:46 PM, John Andersen <jsamyth@xxxxxxxxx> wrote:

Joop Beris wrote:

On Saturday 03 October 2009 17:16:09 Per Jessen wrote:

I've just remembered the only drawback - using rsync, scp and others who
use ssh under the covers does become a little tiresome, but I think
both rsync and scp have environment variables that'll set a usable
default so you don't have to specify the new port all the time.

Fail2ban is your friend: http://www.fail2ban.org/wiki/index.php/Main_Page

I use it to protect my home server against SSH and Apache attacks. Works like
a charm and I don't have to use the "security through obscurity" approach by
running my ssh daemon on a different port. Sure, it will stop scripted
attacks, but it breaks rsync et al.

HTH,

Joop

You've misinterpreted the entire thread.  Slow distributed ssh attacks
go right thru Fail2ban, because they don't hit you from the same address
and they don't hit you in quick succession.

So is it also true that denyhosts is failing to block these attacks?
Even if you pull down rogue IPs from the denyhosts central DB?

Thanks
Greg
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

---

• Follow-Ups:
  • Re: [opensuse] Coordinated, distributed ssh attacks?
    • From: John Andersen

• References:
  • [opensuse] Coordinated, distributed ssh attacks?
    • From: Per Jessen
  • Re: [opensuse] Coordinated, distributed ssh attacks?
    • From: Per Jessen
  • Re: [opensuse] Coordinated, distributed ssh attacks?
    • From: Per Jessen
  • Re: [opensuse] Coordinated, distributed ssh attacks?
    • From: Joop Beris
  • Re: [opensuse] Coordinated, distributed ssh attacks?
    • From: John Andersen

• Prev by Date: Re: [opensuse] Coordinated, distributed ssh attacks?
• Next by Date: Re: [opensuse] Goblin a la a recent openSUSE News Letter
• Previous by thread: Re: [opensuse] Coordinated, distributed ssh attacks?
• Next by thread: Re: [opensuse] Coordinated, distributed ssh attacks?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: [opensuse] Coordinated, distributed ssh attacks? ... I use it to protect my home server against SSH and Apache attacks. ... but it breaks rsync et al. ... Deny hosts is a losing battle. ... (SuSE) Re: [SLE] stopping dictionary attacks on sshd (a tcp_wrappers problem) ... ssh login does not work when one has just booted, until jifie gets 0 and starts incrementing, then it works. ... We need open ssh connections from the outside. ... We want to defend against these attacks in a reasonable way. ... logsurfer is used because I don't know a better log watching and event ... (SuSE) RE: Deliberately create slow SSH response? ... Asunto: RE: Deliberately create slow SSH response? ... The brute force attacks are most likely automated, ... Have you thought about limiting access to the service to only certain IPs? ... (SSH) Fwd: CERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations ... Multiple vendors' implementations of the secure shell (SSH) transport ... The vulnerabilities affect SSH ... SSH clients can reduce the risk of attacks by only connecting to ... (Bugtraq) RE: OT: Security.... ... > SSH sessions. ... Consequently, most spoofing attacks ... traffic based on communication AFTER TCP connection set up only effects the ... addresses on SSH sessions required two-way communication wasn't clear--my ... (Fedora)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

linux.derkeiler.com  > Mailing-Lists  > SuSE  > 2009-10