[unisog] step up in SSH scanning starting today?

Christopher A Bongaarts cab at tc.umn.edu
Tue May 13 17:28:24 GMT 2008


In the immortal words of Michael Holstein:
> 
> > Anyone else see a significant rise in SSH dictionary attacks, especially 
> > from .KR?
> >   
> 
> Possibly related to this?
> 
> http://lists.debian.org/debian-security-announce/2008/msg00152.html

Strongly doubt it.  The debian vulnerability is an issue with key
crypto keys, which uses a different auth mechanism than passwords.

It's possible a sufficiently clever attacker could wrap both attacks
into one, as SSH will let you try keys first, then passwords, in the
same connection.

Most of the rate-limiting/lockout workarounds (DenyHosts happens to be 
my preference) should also help protect against brute-forcing private
keys.

%%  Christopher A. Bongaarts  %%  cab at tc.umn.edu       %%
%%  Internet Services         %%  http://umn.edu/~cab  %%
%%  University of Minnesota   %%  +1 (612) 625-1809    %%


More information about the unisog mailing list