Indeed, I agree. The point I'm trying to convey is that if the objective is to reduce the chance of an attack getting through, and given the fact that the service is SSH, then a better solution may be to limit access to trusted IPs. That's all I'm saying :) -----Mensaje original----- De: Bryan Christ [mailto:bryan.christ@xxxxxx] Enviado el: Jueves, 10 de Julio de 2008 01:51 p.m. Para: Sergio Castro CC: 'Zembower, Kevin'; secureshell@xxxxxxxxxxxxxxxxx Asunto: RE: Deliberately create slow SSH response? Sergio, I think Kevin and I realize that dictionary attacks are automated, but a 30-60 second delay would significantly slow them down to the point where it could hardly be called a brute force attack. On Wed, 2008-07-09 at 17:14 +0000, Sergio Castro wrote: > The brute force attacks are most likely automated, so if your > objective is to bore a human to death with 30 second delays, it wont' work. > > Have you thought about limiting access to the service to only certain IPs? > > - Sergio > > -----Mensaje original----- > De: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] > En nombre de Zembower, Kevin Enviado el: Miércoles, 09 de Julio de > 2008 11:56 a.m. > Para: secureshell@xxxxxxxxxxxxxxxxx > Asunto: Deliberately create slow SSH response? > > This might seem like a strange question to ask, but is there a way to > deliberately create a slow response to an SSH request? I'm annoyed at > the large number of distributed SSH brute-force attacks on a server I > administer, trying to guess the password for 'root' and other accounts. > I think that my server is pretty secure; doesn't allow root to log in > through SSH, only a restricted number of accounts are allowed SSH > access, with I think pretty good passwords. But still, the attempts annoy me. > > I wouldn't mind if SSH took say 30 seconds to ask me for my password. > This would slow the attempts. Is there any way to configure OpenSSH to > do this? I searched the archives of this group with 'slow' and 'delay' > but didn't come up with anything on this topic. Please point it out to > me if I overlooked anything. In addition, I can limit the number of > SSH connections to 3-5 and still operate okay. > > Ultimately, I need this solution for hosts running OpenSSH_3.9p1 under > RHEL ES 4 and OpenSSH_4.3p2 under Debian 'etch' 4.0 and Fedora Core 6. > > Thanks in advance for your advice and suggestions. > > -Kevin > > Kevin Zembower > Internet Services Group manager > Center for Communication Programs > Bloomberg School of Public Health > Johns Hopkins University > 111 Market Place, Suite 310 > Baltimore, Maryland 21202 > 410-659-6139 > > > __________ NOD32 3255 (20080709) Information __________ > > This message was checked by NOD32 antivirus system. > http://www.eset.com > > __________ NOD32 3257 (20080710) Information __________ This message was checked by NOD32 antivirus system. http://www.eset.com
