[CentOS] Is there an openssh security problem?

Fri Jul 10 13:51:24 UTC 2009
Rob Kampen <rkampen at kampensonline.com>

Coert Waagmeester wrote:
> On Thu, 2009-07-09 at 15:18 -0700, Bill Campbell wrote:
>   
>> This appeared today on Macworld, an article saying this is
>> probably a hoax:
>>
>> http://www.macworld.com/article/141628/2009/07/openssh_securityhoax.html?lsrc=rss_main
>>
>> Bill
>>     
>
> In my iptables setup I have the following rules: (excuse the ugly line
> breaks)
>
> /sbin/iptables -A INPUT -i eth0 -p tcp -s 196.1.1.0/24 -d 196.1.1.31 \
> --dport 22 -m state -m recent --state NEW --update --seconds 15 -j \
> DROPLOG
>
> /sbin/iptables -A INPUT -i eth0 -p tcp -s 196.1.1.0/24 -d 196.1.1.31 \
> --dport 22 -m state -m recent --state NEW --set -j ACCEPT
>
> /sbin/iptables -A INPUT -i eth0 -p tcp -s 196.1.1.0/24 -d 196.1.1.31 \
> --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> it only allows one NEW connection to ssh per minute.
>
> That is also a good protection right?
>
>
> Regards,
> Coert
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>   
Not really protection - rather a deterrent - it just makes it slower for 
the script kiddies that try brute-force attacks - they have to pace 
themselves to one try per minute rather than one or two per second. Thus 
they normally move on to an easier target.
You can also use iptables to allow, say, four attempts from an IP and 
then block for 5 or more minutes - this is what I use.
HTH
Rob
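
The following is an added example, not part of the list thread: a small
model of how the netfilter "recent" match (-m recent --set / --update
--seconds --hitcount) decides on a stream of NEW connections, run against
the two rule shapes discussed above. The semantics follow xt_recent as I
understand it: --update matches only when the address is already in the
list and at least --hitcount of its recorded timestamps fall inside the
last --seconds, and the matching packet's timestamp is then recorded too,
so dropped attempts keep the block alive. The posted rules are modelled
as written (--seconds 15, DROPLOG reduced to DROP); the exact options for
Rob's "four attempts, then block for five minutes" (--seconds 300
--hitcount 4) and the traffic sample are my assumptions.

```python
from dataclasses import dataclass

# Kernel default ip_pkt_list_tot: how many timestamps xt_recent keeps per address.
PKT_LIST_TOT = 20


@dataclass
class RecentRule:
    """One rule of the form '-m recent --set|--update [--seconds S] [--hitcount N]
    -j TARGET', applied here only to NEW tcp/22 packets."""
    op: str            # "set" or "update"
    target: str        # "ACCEPT" or "DROP" (the thread's DROPLOG chain stands in for DROP)
    seconds: int = 0   # --seconds; 0 = no time window
    hitcount: int = 0  # --hitcount; 0 = a single in-window stamp is enough


class RecentTable:
    """A named xt_recent list: source address -> recorded packet timestamps."""

    def __init__(self):
        self.stamps = {}

    def _record(self, addr, now):
        lst = self.stamps.setdefault(addr, [])
        lst.append(now)
        del lst[:-PKT_LIST_TOT]  # oldest stamps fall off, as in the kernel's ring

    def match(self, rule, addr, now):
        if addr not in self.stamps:
            # --set creates the entry and matches; --update never matches an
            # address that is not in the list yet.
            if rule.op == "set":
                self._record(addr, now)
                return True
            return False
        if rule.op == "set":
            self._record(addr, now)
            return True
        # --update: count stamps inside the window; match once hitcount is reached.
        hits = 0
        for stamp in self.stamps[addr]:
            if rule.seconds and stamp < now - rule.seconds:
                continue
            hits += 1
            if not rule.hitcount or hits >= rule.hitcount:
                self._record(addr, now)  # a matched --update refreshes the entry
                return True
        return False


def run_chain(rules, attempts):
    """First-match evaluation of NEW SYNs given as (time, src) tuples.
    'POLICY' means no rule matched and the chain policy would decide."""
    table = RecentTable()
    verdicts = []
    for now, addr in attempts:
        verdict = "POLICY"
        for rule in rules:
            if table.match(rule, addr, now):
                verdict = rule.target
                break
        verdicts.append(verdict)
    return verdicts


def verdicts_by_addr(rules, attempts):
    out = {}
    for (_, addr), verdict in zip(attempts, run_chain(rules, attempts)):
        out.setdefault(addr, []).append(verdict)
    return out


# The two recent-match rules as posted: NEW + --update --seconds 15 -> drop,
# otherwise --set -> accept.
POSTED_RULES = [
    RecentRule(op="update", target="DROP", seconds=15),
    RecentRule(op="set", target="ACCEPT"),
]

# Rob's variant with assumed options --seconds 300 --hitcount 4:
# four attempts are accepted, the fifth and later inside the window are dropped.
HITCOUNT_RULES = [
    RecentRule(op="update", target="DROP", seconds=300, hitcount=4),
    RecentRule(op="set", target="ACCEPT"),
]

# Constructed traffic (documentation addresses): a brute-forcer knocking every
# 2 s for 20 s, and an admin who connects twice, a minute apart.
ATTACKER, ADMIN = "198.51.100.7", "203.0.113.9"
ATTEMPTS = sorted([(t, ATTACKER) for t in range(0, 20, 2)] + [(0, ADMIN), (60, ADMIN)])

if __name__ == "__main__":
    for label, rules in (("posted", POSTED_RULES), ("hitcount", HITCOUNT_RULES)):
        for addr, verdicts in verdicts_by_addr(rules, ATTEMPTS).items():
            print(f"{label:8} {addr:14} {' '.join(verdicts)}")
    # A dropped attempt also refreshes the timestamp, so the block only lifts
    # once the attacker has stayed quiet for the whole window:
    print(run_chain(POSTED_RULES, [(0, ATTACKER), (2, ATTACKER), (20, ATTACKER)]))
```

With the posted rules the attacker gets exactly one accepted SYN and is
then dropped for as long as it keeps knocking, while the admin's second
login a minute later goes through; with the hitcount variant the first
four attempts pass and the rest are dropped. In both cases a single
accepted TCP connection still lets a client try several passwords within
it (sshd's MaxAuthTries), which is why this slows brute forcing down
rather than stopping it.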