Re: ssh brute force attacks

From: Tony Lawrence (pcunix_at_gmail.com)
Date: 03/21/05


Date: 20 Mar 2005 16:52:45 -0800


Peter T. Breuer wrote:
> Tony Lawrence <pcunix@gmail.com> wrote:

I deleted a bunch of Peter's typical red herrings and nit-pickings.
Peter loves to try to get people caught up in unimportant details,
arguing about semantics or the precise meanings of words. This lets
him pretend he's shattering arguments. Best to ignore him and stick to
the point.

>
> > So the only case where this makes any sense at all would be that xyz
> > tries to login to my machine, fails, attempts the magic number of times
> > in the magic time period, and gets locked out.
>
> OH, brilliant, Moriarty. Does it take you THIS long to figure what
> everyone is plainly telling you? That's great.

Yeah, right Peter. You've talked about just about everything BUT that.
 And of course conveniently cut out the important part of what I said
there, which is that the attempted hacker now decides to take revenge
with a DOS attack. Assuming that it's a human anyway, which it
probably was not.

It's extremely unlikely that anyone would turn around a login attempt
to a DOS attack, and you still ignore that it will be EXTREMELY
difficult to simulate logins while spoofing against an sshd that uses
MaxStartups. The real fact probably is that you realize just as well as
I do that this is unlikely, very difficult, and pointless to worry
about. It is EXACTLY what sshd does with MaxStartups; it simply
extends the idea to another level.

And as usual (I've seen you do this so many times), you run away
insisting that the other person is a fool and that you've been right
all along.

I'm not going to let you do it :-)

Show me a technique whereby you can reliably trigger a DOS for a failed
login trap sitting behind a MaxStartups enabled sshd server. You might
accidentally do it for some spoofed IP's, but I don't think you can do
it reliably and it's also impossible for you to even know if you were
successful. And that's my point: this would be a lousy way to do a DOS
against anyone, so if such were your intent, I doubt you'd use it.

C'mon back and blather more about something unrelated, Peter - I expect
nothing less.

--
Tony Lawrence
http://aplawrence.com where we don't put up with nonsense like this
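
Added example, not part of the original post or of any tool named in the thread: a sketch of the "magic number of times in the magic time period" lockout the thread argues about, run over constructed sshd log lines. The function name, thresholds, log format and the allowlist parameter are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the usual OpenSSH syslog format (not from the thread).
SAMPLE_LOG = """\
Mar 20 16:50:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Mar 20 16:50:03 host sshd[2102]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Mar 20 16:50:05 host sshd[2103]: Failed password for root from 198.51.100.7 port 51000 ssh2
Mar 20 16:50:06 host sshd[2104]: Failed password for root from 192.0.2.10 port 40003 ssh2
Mar 20 16:50:09 host sshd[2105]: Accepted password for tony from 203.0.113.5 port 60000 ssh2
Mar 20 16:58:00 host sshd[2106]: Failed password for root from 198.51.100.7 port 51001 ssh2
Mar 20 16:59:30 host sshd[2107]: Failed password for root from 198.51.100.7 port 51002 ssh2
Mar 20 16:59:40 host sshd[2108]: Failed password for tony from 203.0.113.5 port 60001 ssh2
Mar 20 16:59:41 host sshd[2109]: Failed password for tony from 203.0.113.5 port 60002 ssh2
Mar 20 16:59:42 host sshd[2110]: Failed password for tony from 203.0.113.5 port 60003 ssh2
"""

# Timestamp and source address of a failed password attempt.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def find_lockouts(log_text, max_failures=3, window=timedelta(seconds=60),
                  allowlist=(), year=2005):
    """Return {ip: time the threshold was reached} for sources to lock out."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    locked = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other lines are ignored
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in allowlist or ip in locked:
            continue  # assumption: allowlisted addresses are never locked out
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # drop failures older than the window
        if len(q) >= max_failures:
            locked[ip] = when
    return locked
```

Slow, spread-out failures (198.51.100.7 in the sample) never reach the threshold, and an allowlisted address cannot be locked out by failures logged against it.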