[Dshield] SSH Bots

DigitalNation dshield at digitalnation.ca
Wed Mar 8 01:22:11 GMT 2006


Hi Sean,

You should have a plan "B" network setup set up that you can re-config to if
the main system dies. I am not sure if you have that ability? 

If not, then you are certainly at the mercy of the other guy's time frame.
Maybe you could bring up the potential security risks of having only one
admin for this main box to the management?

------------------
M. McBride
Security Admin
DigitalNation
Vancouver, Canada
 


-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Sean Smith
Sent: Tuesday, March 07, 2006 12:29 PM
To: General DShield Discussion List
Subject: Re: [Dshield] SSH Bots


> Just doing some maths in my head, assuming 14 characters in the brute
> force and let's assume a simple password of a-z, A-Z and 0-9, plus a few
> punctuation characters -,+,!@#$, that gives 88 characters, that's 88^14
> different combinations.  Which is a lot.  An awful lot.  Assuming you can
> try one password per second, that's still several thousand (million?) years
> before you try them all.  I say one per second so it allows for connection
> time.  Our Linux boxes allow for three attempts, each one taking longer
> before returning success or failure, then you get disconnected and need to
> reconnect.  I think we've still got the timeouts on the actual sessions
> as well, but not sure.
> (we had problems with that).


So, do you think it is enough to force users towards complex passwords? It
can't hurt, I'm sure. 

I run a secondary server behind our main system and due to corporate
regulations, there is only one person in the entire building allowed access
to the main server system. He normally doesn't have time to address daily
security concerns or check logs every day. I feel like it's a bomb waiting
to go off. 

Is there anything you guys can suggest in my unfortunate configuration?

S. Smith








