Members
Stats
  • Total Posts: 43399
  • Total Topics: 16500
  • Online today: 2060
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 2
Guests: 2054
Total: 2056









Author Topic: Dictionary Attacks on SSH  (Read 4104 times)

0 Members and 1 Guest are viewing this topic.

mikey

  • SCF VIP Member
  • *****
  • Posts: 42
  • KARMA: 15
  • Gender: Male
  • Predator
Dictionary Attacks on SSH
« on: 28. April 2012., 22:21:43 »
So how do you handle dictionary attacks?

Until recently, I used automatic scripts to ban sources. Scripts are too slow. So why can't we just build a simple rule set for the firewall?...perhaps like this;

Code: [Select]
iptables -N SSH_BAN
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_BAN
iptables -A SSH_BAN -m recent --set --name SSH
iptables -A SSH_BAN -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP

iptables-save > /etc/sysconfig/iptables

/sbin/service iptables save


The result;

Code: [Select]
[root@bench ~]# iptables -L -v
Chain INPUT (policy ACCEPT 374M packets, 106G bytes)
 pkts bytes target     prot opt in     out     source               destination
 176K   10M SSH_BAN    tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh state NEW

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 274M packets, 395G bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain SSH_BAN (1 references)
 pkts bytes target     prot opt in     out     source               destination
 176K   10M            all  --  any    any     anywhere             anywhere            recent: SET name: SSH side: source
 164K 9812K DROP       all  --  any    any     anywhere             anywhere            recent: UPDATE seconds: 60 hit_count:
 4 name: SSH side: source
[root@bench ~]#

Works for me. :)

Samker's Computer Forum - SCforum.info

Dictionary Attacks on SSH
« on: 28. April 2012., 22:21:43 »

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Dictionary Attacks on SSH
« Reply #1 on: 29. April 2012., 20:23:07 »
Nice work Mike. :thumbsup:

Few additional details about "Dictionary attacks" for SCF members from Wikipedia:

Quote

In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities.

...
Source: http://en.wikipedia.org/wiki/Dictionary_attack



... and one, just for "figure out", YT video:

http://www.youtube.com/watch?v=xR8J_jNw2io



Samker's Computer Forum - SCforum.info

Re: Dictionary Attacks on SSH
« Reply #1 on: 29. April 2012., 20:23:07 »

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023