SCforum.info







Author Topic: Dictionary Attacks on SSH  (Read 816 times)


mikey

Dictionary Attacks on SSH
« on: 28. April 2012., 21:21:43 »
So how do you handle dictionary attacks?

Until recently, I used automatic scripts to ban sources. Scripts are too slow. So why can't we just build a simple rule set for the firewall?...perhaps like this;

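Code:
# Create a dedicated chain and send every new TCP connection to port 22 through it
iptables -N SSH_BAN
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_BAN
# Record the source address in the "SSH" recent list
iptables -A SSH_BAN -m recent --set --name SSH
# Drop a source with 4 or more hits in the last 60 seconds
iptables -A SSH_BAN -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP

# Save the running rules to the persistent rules file
iptables-save > /etc/sysconfig/iptables

/sbin/service iptables save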


The result;

Code:
[root@bench ~]# iptables -L -v
Chain INPUT (policy ACCEPT 374M packets, 106G bytes)
 pkts bytes target     prot opt in     out     source               destination
 176K   10M SSH_BAN    tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh state NEW

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 274M packets, 395G bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain SSH_BAN (1 references)
 pkts bytes target     prot opt in     out     source               destination
 176K   10M            all  --  any    any     anywhere             anywhere            recent: SET name: SSH side: source
 164K 9812K DROP       all  --  any    any     anywhere             anywhere            recent: UPDATE seconds: 60 hit_count: 4 name: SSH side: source
[root@bench ~]#

Works for me. :)
***
W2K/2K3/XP/2K8/Vista/W7/RHE/DEBIAN/SUSE

Mikey-PC

Mikey's Stuff

Fiddler and friends...essential web diagnostic, forensic, & development tools. ...also the perfect companion for Proxomitron.

"You may never need to outrun a Decepticon, but it's nice to know you can." NW's Bevo
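
An added example, not part of mikey's post: a small Python model of how the two `recent` rules in SSH_BAN evaluate a stream of new SSH connections, showing when a bursting source starts being dropped, that it stays dropped while it keeps retrying inside the window, and that a client connecting at a steady low rate is unaffected. The addresses, timings and the per-address history size (`MAX_STAMPS`) are assumptions made for the illustration.

```python
from collections import defaultdict, deque

SECONDS = 60     # --seconds 60
HITCOUNT = 4     # --hitcount 4
MAX_STAMPS = 20  # assumption: timestamps remembered per address (kernel-dependent)

def simulate(events):
    """Replay (time_s, src) NEW tcp/22 packets through the two SSH_BAN rules."""
    recent = defaultdict(lambda: deque(maxlen=MAX_STAMPS))
    verdicts = []
    for t, src in sorted(events):
        stamps = recent[src]
        stamps.append(t)  # rule 1: --set records this hit
        hits = sum(1 for s in stamps if s >= t - SECONDS)
        if hits >= HITCOUNT:
            stamps.append(t)  # rule 2: --update refreshes last-seen on match
            verdicts.append((t, src, "DROP"))
        else:
            # no match: packet leaves SSH_BAN and continues in INPUT
            verdicts.append((t, src, "ACCEPT"))
    return verdicts

def verdicts_for(results, src):
    """Return [(time_s, verdict)] for one source address."""
    return [(t, v) for t, s, v in results if s == src]

# Constructed sample traffic (documentation addresses, not from the thread)
BURST = "203.0.113.10"    # 10 connections 2 s apart, a retry at 70 s, another at 200 s
MONITOR = "198.51.100.7"  # one connection every 30 s
EVENTS = [(t, BURST) for t in list(range(0, 20, 2)) + [70, 200]]
EVENTS += [(t, MONITOR) for t in range(0, 301, 30)]

if __name__ == "__main__":
    for t, src, verdict in simulate(EVENTS):
        print(f"{t:>4}s  {src:<14} {verdict}")
```

Each timestamp stands for one NEW packet reaching the chain; the same limit applies to an administrator's own scripts if they open several SSH connections within a minute.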




Samker

Re: Dictionary Attacks on SSH
« Reply #1 on: 29. April 2012., 19:23:07 »
Nice work Mike. :thumbsup:

A few additional details about "Dictionary attacks" for SCF members from Wikipedia:

Quote

In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities.

...
Source: http://en.wikipedia.org/wiki/Dictionary_attack



... and one, just for "figure out", YT video:

http://www.youtube.com/watch?v=xR8J_jNw2io



 
