isc.sans.org -- Brute-force SSH Attacks on the Rise
Two cool blurbs were at the end of the diary entry (an edit, actually):
Quote:
One of our handlers, Jim, pointed me to the DenyHost stat site located at http://stats.denyhosts.net/stats.html. As already mentioned, this does appear to be a significant new trend of which we all should be aware.
Another...
Quote:
Another one of our readers sometimes gives advice/consults for an organization which today was having problems with a server denying access to anyone attempting to connect. The reason was that Sshd was denying all connections due to too many failed login attempts. It was recommended that internal servers could use the default port, but external facing hosts which have a need for ssh should use a non-standard high port. Yes, it is a form of security by obscurity, but it does defeat brain-dead brute force attacks.
Last edited by unixfool; 05-16-2008 at 07:24 AM.
Reason: Changed [code] tags to [quote] since [code] didn't work so well (had LONG horizontal scroll bars)
So, you're informing us because of this?
"A flaw in a key part of how Debian-based Linux distributions like Ubuntu secure OpenSSH has put potentially millions of servers at risk from a brute force attack. The attack could have major implications for the Internet.
"The flaw in question was introduced by a Debian-specific patch," Moore told InternetNews.com. "This patch was not pushed upstream to the OpenSSL folks, so only distributions based on Debian have this issue."
No. Two separate issues, AFAIK. The Sans guys did mention that there could be a link between the SSL issue and the SSH traffic spike, but that there was nothing (yet) to link the two.
I thought the diary entry would be cool to share and it did elaborate on new Denyhosts functionality.