RE: Deliberately create slow SSH response?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Sergio,

I think Kevin and I realize that dictionary attacks are automated, but a
30-60 second delay would significantly slow them down to the point where
it could hardly be called a brute force attack.

On Wed, 2008-07-09 at 17:14 +0000, Sergio Castro wrote:
> The brute force attacks are most likely automated, so if your objective is
> to bore a human to death with 30 second delays, it wont' work.
> 
> Have you thought about limiting access to the service to only certain IPs?
> 
> - Sergio
> 
> -----Mensaje original-----
> De: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] En
> nombre de Zembower, Kevin
> Enviado el: Miércoles, 09 de Julio de 2008 11:56 a.m.
> Para: secureshell@xxxxxxxxxxxxxxxxx
> Asunto: Deliberately create slow SSH response?
> 
> This might seem like a strange question to ask, but is there a way to
> deliberately create a slow response to an SSH request? I'm annoyed at the
> large number of distributed SSH brute-force attacks on a server I
> administer, trying to guess the password for 'root' and other accounts.
> I think that my server is pretty secure; doesn't allow root to log in
> through SSH, only a restricted number of accounts are allowed SSH access,
> with I think pretty good passwords. But still, the attempts annoy me.
> 
> I wouldn't mind if SSH took say 30 seconds to ask me for my password.
> This would slow the attempts. Is there any way to configure OpenSSH to do
> this? I searched the archives of this group with 'slow' and 'delay'
> but didn't come up with anything on this topic. Please point it out to me if
> I overlooked anything. In addition, I can limit the number of SSH
> connections to 3-5 and still operate okay.
> 
> Ultimately, I need this solution for hosts running OpenSSH_3.9p1 under RHEL
> ES 4 and OpenSSH_4.3p2 under Debian 'etch' 4.0 and Fedora Core 6.
> 
> Thanks in advance for your advice and suggestions.
> 
> -Kevin
> 
> Kevin Zembower
> Internet Services Group manager
> Center for Communication Programs
> Bloomberg School of Public Health
> Johns Hopkins University
> 111 Market Place, Suite 310
> Baltimore, Maryland  21202
> 410-659-6139
> 
> 
> __________ NOD32 3255 (20080709) Information __________
> 
> This message was checked by NOD32 antivirus system.
> http://www.eset.com
> 
> 


[Index of Archives]     [Open SSH Unix Development]     [Fedora Users]     [Fedora Desktop]     [Yosemite Backpacking]     [KDE Users]     [Gnome Users]

  Powered by Linux