Eugene Vilensky <evilensky@...> writes:
Hello,
What is the best way to protect multiuser systems from brute force attacks? I am setting up a relatively loose DenyHosts policy, but I like the idea of locking an account for a time if too many attempts are made, but to balance this with keeping the user from making a helpdesk call.
What are some policies/techniques that have worked for this list with minimal hassle?
Thanks!
-Eugene
I found that moving sshd to listening on a non-standard port cut back significantly on the number of brute force attacks I was getting. Obviously, this doesn't do anything to really protect your system from a brute force attack. Some of the other responses had some fairly good suggestions for preventing brute force attacks.
I was seeing several such attacks each week and frequently more than one a day until I moved my ssh port. What this mainly does is cut down on the number of script-kiddie attacks. The problem is that the script-kiddie attacks cause so much noise that they potentially hide someone attacking you who you really need to be concerned about. If the port/service is open, you really want to be able to monitor it, and cutting down on the noise helps.
Cheers, Dave
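
The timed lockout asked about in the question, sketched over sshd log lines as an added example that is not part of either message: an account is locked after repeated failures inside a window and unlocks on its own, so no helpdesk call is needed. The function name `temporary_locks`, the thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH syslog style (documentation addresses).
SAMPLE_LOG = """\
Jan 10 03:14:01 host sshd[811]: Failed password for alice from 203.0.113.5 port 40112 ssh2
Jan 10 03:14:09 host sshd[811]: Failed password for alice from 203.0.113.5 port 40112 ssh2
Jan 10 03:14:20 host sshd[813]: Failed password for invalid user admin from 198.51.100.7 port 51515 ssh2
Jan 10 03:14:31 host sshd[815]: Failed password for alice from 203.0.113.5 port 40140 ssh2
Jan 10 03:15:02 host sshd[817]: Failed password for alice from 203.0.113.5 port 40141 ssh2
Jan 10 03:40:00 host sshd[901]: Failed password for alice from 192.0.2.44 port 60001 ssh2
""".splitlines()

FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (invalid user )?(\S+) from (\S+) port")

def temporary_locks(lines, max_fails=3, window=timedelta(minutes=10),
                    lock_for=timedelta(minutes=15), year=2024):
    """Return [(user, locked_at, unlock_at)] for accounts that exceed the threshold."""
    recent = defaultdict(deque)   # user -> timestamps of failures inside the window
    locked_until = {}             # user -> time at which the lock expires
    events = []
    for line in lines:
        m = FAILED.match(line)
        if not m or m.group(2):   # skip other lines and guesses at nonexistent accounts
            continue
        # Syslog timestamps carry no year; the year parameter is an assumption.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        user = m.group(3)
        if locked_until.get(user, when) > when:
            continue              # already locked; the lock expires without admin action
        q = recent[user]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # forget failures older than the window
        if len(q) >= max_fails:
            locked_until[user] = when + lock_for
            events.append((user, when, when + lock_for))
            q.clear()
    return events
```

On Linux PAM systems, the `deny`, `fail_interval` and `unlock_time` options of `pam_faillock` enforce the same policy at login time; this sketch only reports when such a lock would start and end.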