[CentOS] One approach to dealing with SSH brute force attacks.
Les Bell
lesbell at lesbell.com.au
Wed Jan 30 23:18:21 UTC 2008
mouss <mouss at netoyen.net> wrote:
>>
If you consider this security through obscurity, then why not publish
the list of your users on a public web page? After all, you should use
strong passwords, so why hide usernames?
<<
Usernames are comparatively hard to guess, and chosen from a large space -
although email addresses often provide a huge clue. By contrast, there are
only 64K port numbers (and only 1K privileged ports, all of which will be
scanned by default with nmap) - and to make it worse, the attacker only has
to telnet or nc to a port and sshd will obligingly send back its version
number and protocol version info as plaintext. So, the added "obscurity" is
effectively zero.
I sort of half-buy the log volume/noise argument, but rate-limiting and
good analysis tools deal with this as well. And it does nothing for the
stress level, since the serious adversary will see through your
non-standard port number in seconds.
Best,
--- Les Bell, RHCE, CISSP
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144
FreeWorldDialup: 800909
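
The point made above, that sshd announces itself in plaintext on whatever port it listens on, as an added example that is not part of the original message: a parser for the SSH identification string (RFC 4253 section 4.2) run over constructed first-bytes samples, useful for auditing what your own listeners disclose. The port numbers, banners and function names are assumptions made for illustration.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# The whole line, CR LF included, may be at most 255 bytes.
IDENT_RE = re.compile(
    rb"^SSH-(?P<proto>[^\s-]+)-(?P<software>[^\s]+)(?: (?P<comments>.*))?$"
)


def parse_ssh_ident(data: bytes):
    """Return the identification fields found in a server's first bytes, or None."""
    # A server may send other lines before the identification string;
    # such lines never start with "SSH-", so they are skipped.
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue
        if len(line) + 2 > 255:
            return None  # longer than the RFC allows: not a valid identification
        m = IDENT_RE.match(line)
        if m is None:
            return None
        return {
            "proto": m["proto"].decode("ascii", "replace"),
            "software": m["software"].decode("ascii", "replace"),
            "comments": (m["comments"] or b"").decode("ascii", "replace"),
        }
    return None


# Constructed sample: first bytes received from four listeners on one host.
SAMPLE_FIRST_BYTES = {
    22: b"",  # nothing sent
    2525: b"220 mail.example.com ESMTP\r\n",
    8022: b"SSH-2.0-OpenSSH_4.3\r\n",
    10022: b"Authorized use only\r\nSSH-1.99-OpenSSH_4.3 sample-comment\r\n",
}


def ssh_listeners(first_bytes_by_port):
    """Map port -> parsed identification for every listener that announces SSH."""
    found = {}
    for port, data in sorted(first_bytes_by_port.items()):
        ident = parse_ssh_ident(data)
        if ident is not None:
            found[port] = ident
    return found
```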