Re: protecting multiuser systems from bruteforce ssh attacks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Eugene Vilensky <evilensky@...> writes:

> 
> Hello,
> 
> What is the best way to protect multiuser systems from brute force
> attacks?  I am setting up a relatively loose DenyHosts policy, but I
> like the idea of locking an account for a time if too many attempts
> are made, but to balance this with keeping the user from making a
> helpdesk call.
> 
> What are some policies/techniques that have worked for this list with
> minimal hassle?
> 
> Thanks!
> 
> -Eugene
> 

I found that moving sshd to listening on a non-standard port cut back
significantly on the number of brute force attacks I was getting.  Obviously,
this doesn't do anything to really protect your system from a brute force
attack.  Some of the other response had some fairly good suggestions for
preventing brute force attacks.

I was seeing several such attacks each week and frequently more than one a day
until I moved my ssh port.  What this mainly does is cut down on the number of
script-kiddie attacks.  The problem is that the script-kiddie attacks cause so
much noise that they potentially hide someone attacking you who you really need
to be concerned about.  If the port/service is open, you really want to be able
to monitor it and cutting down on the noise helps.

Cheers,
Dave


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux