[unisog] step up in SSH scanning starting today?
Christopher A Bongaarts
cab at tc.umn.edu
Tue May 13 17:28:24 GMT 2008
In the immortal words of Michael Holstein:
>
> > Anyone else see a significant rise in SSH dictionary attacks, especially
> > from .KR?
> >
>
> Possibly related to this?
>
> http://lists.debian.org/debian-security-announce/2008/msg00152.html
Strongly doubt it. The debian vulnerability is an issue with key
crypto keys, which uses a different auth mechanism than passwords.
It's possible a sufficiently clever attacker could wrap both attacks
into one, as SSH will let you try keys first, then passwords, in the
same connection.
Most of the rate-limiting/lockout workarounds (DenyHosts happens to be
my preference) should also help protect against brute-forcing private
keys.
%% Christopher A. Bongaarts %% cab at tc.umn.edu %%
%% Internet Services %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
More information about the unisog
mailing list