Old 05-16-2008, 07:10 AM   #1
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 781
Blog Entries: 8

Rep: Reputation: 157
isc.sans.org -- Brute-force SSH Attacks on the Rise


http://isc.sans.org/diary.html?storyid=4408

Two cool blurbs were at the end of the diary entry (an edit, actually):

Quote:
One of our handlers, Jim, pointed me to the DenyHost stat site located at http://stats.denyhosts.net/stats.html. As already mentioned, this does appear to be a significant new trend of which we all should be aware.
Another...

Quote:
Another one of our readers sometimes gives advice/consults for an organization which today was having problems with a server denying access to anyone attempting to connect. The reason was that Sshd was denying all connections due to too many failed login attempts. It was recommended that internal servers could use the default port, but external facing hosts which have a need for ssh should use a non-standard high port. Yes, it is a form of security by obscurity, but it does defeat brain-dead brute force attacks.

Last edited by unixfool; 05-16-2008 at 07:24 AM. Reason: Changed [code] tags to [quote] since [code] didn't work so well (had LONG horizontal scroll bars)
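
Added example (not part of the original post and not DenyHosts code): a sketch of the per-source failed-login counting that log-watching tools such as DenyHosts apply to sshd logs. The log lines are constructed, and the function name, threshold, window and year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
May 16 06:58:01 gw sshd[2101]: Failed password for root from 192.0.2.10 port 40112 ssh2
May 16 06:58:04 gw sshd[2103]: Failed password for invalid user admin from 192.0.2.10 port 40115 ssh2
May 16 06:58:07 gw sshd[2105]: Failed password for invalid user test from 192.0.2.10 port 40119 ssh2
May 16 06:58:09 gw sshd[2107]: Failed password for invalid user x from 198.51.100.77 from 192.0.2.10 port 40121 ssh2
May 16 06:58:12 gw sshd[2109]: Failed password for root from 192.0.2.10 port 40124 ssh2
May 16 07:01:30 gw sshd[2140]: Failed password for alice from 198.51.100.7 port 51000 ssh2
May 16 07:01:41 gw sshd[2140]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
May 16 07:05:00 gw sshd[2200]: Failed password for root from 203.0.113.5 port 33001 ssh2
May 16 07:25:00 gw sshd[2260]: Failed password for root from 203.0.113.5 port 33002 ssh2
May 16 07:45:00 gw sshd[2310]: Failed password for root from 203.0.113.5 port 33003 ssh2
"""

# The user name is client-supplied text, so the source address is taken only from
# the final "from <ip> port <n> ssh2" on the line (greedy .* plus the $ anchor).
FAILED = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* "
    r"from (?P<ip>[0-9A-Fa-f.:]+) port \d+ ssh2$"
)

def flag_sources(log_text, threshold=5, window=timedelta(minutes=10), year=2008):
    """Return {ip: time the threshold was first reached} for noisy sources.

    Syslog timestamps carry no year, so `year` is an assumed value.
    """
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged
```

With the defaults only 192.0.2.10 is flagged; the three failures from 203.0.113.5 are 20 minutes apart and only count together if the window is widened.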
 
Old 05-17-2008, 09:18 PM   #2
bsdunix
Senior Member
 
Registered: May 2006
Distribution: Caldera, CTOS, Debian, FreeBSD, Mac OS X, Mandrake, Minix, OpenBSD, Slackware, SuSE
Posts: 1,757

Rep: Reputation: 78
So, you're informing us because of this?

"A flaw in a key part of how Debian-based Linux distributions like Ubuntu secure OpenSSH has put potentially millions of servers at risk from a brute force attack. The attack could have major implications for the Internet.

"The flaw in question was introduced by a Debian-specific patch," Moore told InternetNews.com. "This patch was not pushed upstream to the OpenSSL folks, so only distributions based on Debian have this issue."


http://www.serverwatch.com/news/article.php/3747531

DSA-1571-1 openssl -- predictable random number generator
http://www.debian.org/security/2008/dsa-1571

"... never fix a bug you don't understand ..."
http://www.links.org/?p=327

Last edited by bsdunix; 05-17-2008 at 09:41 PM.
 
Old 05-17-2008, 09:33 PM   #3
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 781
Blog Entries: 8

Original Poster
Rep: Reputation: 157
Quote:
Originally Posted by bsdunix View Post
So, you're informing us because of this?

"A flaw in a key part of how Debian-based Linux distributions like Ubuntu secure OpenSSH has put potentially millions of servers at risk from a brute force attack. The attack could have major implications for the Internet.

"The flaw in question was introduced by a Debian-specific patch," Moore told InternetNews.com. "This patch was not pushed upstream to the OpenSSL folks, so only distributions based on Debian have this issue."


http://www.serverwatch.com/news/article.php/3747531
No. Two separate issues, AFAIK. The Sans guys did mention that there could be a link between the SSL issue and the SSH traffic spike, but that there was nothing (yet) to link the two.

I thought the diary entry would be cool to share and it did elaborate on new Denyhosts functionality.
 
Old 05-17-2008, 09:43 PM   #4
bsdunix
Senior Member
 
Registered: May 2006
Distribution: Caldera, CTOS, Debian, FreeBSD, Mac OS X, Mandrake, Minix, OpenBSD, Slackware, SuSE
Posts: 1,757

Rep: Reputation: 78
Quote:
Originally Posted by unixfool View Post
No. Two separate issues, AFAIK. ...
OK, thanks.
 
  

