LinuxQuestions.org


unixfool 05-16-2008 07:10 AM

isc.sans.org -- Brute-force SSH Attacks on the Rise
 
http://isc.sans.org/diary.html?storyid=4408

Two cool blurbs were at the end of the diary entry (an edit, actually):

Quote:

One of our handlers, Jim, pointed me to the DenyHost stat site located at http://stats.denyhosts.net/stats.html. As already mentioned, this does appear to be a significant new trend of which we all should be aware.
Another...

Quote:

Another one of our readers sometimes gives advice/consults for an organization which today was having problems with a server denying access to anyone attempting to connect. The reason was that Sshd was denying all connections due to too many failed login attempts. It was recommended that internal servers could use the default port, but external facing hosts which have a need for ssh should use a non-standard high port. Yes, it is a form of security by obscurity, but it does defeat brain-dead brute force attacks.

bsdunix 05-17-2008 09:18 PM

So, you're informing us because of this?

"A flaw in a key part of how Debian-based Linux distributions like Ubuntu secure OpenSSH has put potentially millions of servers at risk from a brute force attack. The attack could have major implications for the Internet.

"The flaw in question was introduced by a Debian-specific patch," Moore told InternetNews.com. "This patch was not pushed upstream to the OpenSSL folks, so only distributions based on Debian have this issue."


http://www.serverwatch.com/news/article.php/3747531

DSA-1571-1 openssl -- predictable random number generator
http://www.debian.org/security/2008/dsa-1571

"... never fix a bug you don't understand ..." :confused:
http://www.links.org/?p=327

unixfool 05-17-2008 09:33 PM

Quote:

Originally Posted by bsdunix (Post 3156610)
So, you're informing us because of this?

"A flaw in a key part of how Debian-based Linux distributions like Ubuntu secure OpenSSH has put potentially millions of servers at risk from a brute force attack. The attack could have major implications for the Internet.

"The flaw in question was introduced by a Debian-specific patch," Moore told InternetNews.com. "This patch was not pushed upstream to the OpenSSL folks, so only distributions based on Debian have this issue."


http://www.serverwatch.com/news/article.php/3747531

No. Two separate issues, AFAIK. The SANS guys did mention that there could be a link between the SSL issue and the SSH traffic spike, but that there was nothing (yet) to link the two.

I thought the diary entry would be cool to share and it did elaborate on new Denyhosts functionality.

bsdunix 05-17-2008 09:43 PM

Quote:

Originally Posted by unixfool (Post 3156617)
No. Two separate issues, AFAIK. ...

OK, thanks.


All times are GMT -5.