SSH attacks


 
# 1  
Old 10-28-2011
SSH attacks

The attached file contains 36 months' data sorted in descending order by number of attempts and originating IP address.
Is it possible to block any type of communication with an IP address after so many (5 or 10) failed attempts? The documentation (for OpenSSH) says that it is possible to slow the login rate after so many (default 10) failed passwords, but that only seems to apply if the perpetrator logs in once and repeatedly enters passwords. If each attempt is only the first attempt then this rule does not apply.

Last edited by jgt; 10-28-2011 at 07:13 PM..
# 2  
Old 10-29-2011
Not sure if this helps. Fail2ban, look it up

fail2ban(8) - Linux man page
# 3  
Old 10-29-2011
# 4  
Old 10-30-2011
Thanks for the links. It's for SCO not Linux, but there was lots of good reading material.
# 5  
Old 11-10-2011
I came up with a rather simple solution (at least I think).
I used a password generator to create a new random 8 character user name.
Assigned a generated password to it, and gave it su privilege.
Then I added "Allowuser xxxxxxx" to sshd_config.
# 6  
Old 11-10-2011
Do you mean you've configured it so only that randomly-generated user can ssh in?
# 7  
Old 11-10-2011
Yes...so first they have to guess the user id, then they have to guess the password.
The users in the office use telnet (port 23) and port 22 is the only open port in the router.
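
The per-address counting asked about in the first post, as an added example that is not part of the original thread: it tallies failed password attempts per source address across separate connections and reports the addresses that reach a threshold inside a time window. It assumes the stock OpenSSH syslog message format; the log lines, threshold, window, year and function name are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# The user name in the message is supplied by the client, so the source
# address is taken from the END of the line, never from the first "from".
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d*)?\s*$"
)

# Constructed sample log (documentation address ranges, not real data).
SAMPLE = """\
Oct 28 19:00:01 gw sshd[101]: Failed password for root from 203.0.113.5 port 40001 ssh2
Oct 28 19:00:04 gw sshd[102]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Oct 28 19:00:07 gw sshd[103]: Failed password for invalid user x from 192.0.2.1 port 1 ssh2 from 203.0.113.5 port 40003 ssh2
Oct 28 19:01:00 gw sshd[104]: Failed password for root from 198.51.100.7 port 50001 ssh2
Oct 28 19:02:00 gw sshd[105]: Accepted password for alice from 198.51.100.7 port 50002 ssh2
Oct 28 20:30:00 gw sshd[106]: Failed password for root from 198.51.100.7 port 50003 ssh2
Oct 28 22:00:00 gw sshd[107]: Failed password for root from 198.51.100.7 port 50004 ssh2
""".splitlines()


def offenders(lines, threshold=5, window=600, year=2011):
    """Return source IPs with >= threshold failures within `window` seconds.

    Each failure usually arrives on its own connection (a new sshd pid),
    so the count is kept per address, not per session.
    Syslog timestamps carry no year; `year` is an assumed value.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # successful logins and other messages
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(when)
        while (when - q[0]).total_seconds() > window:
            q.popleft()           # forget failures older than the window
        if len(q) >= threshold and m["ip"] not in flagged:
            flagged.append(m["ip"])
    return flagged


if __name__ == "__main__":
    print(offenders(SAMPLE, threshold=3, window=600))
```

The returned addresses are only a list; how they are then blocked depends on what filtering the host or router offers.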