Hi,

I remember a long time ago I brought a discussion about incremental delays on ssh login failures. I think it would be a very good solution if it is made by means of power of 2 second increments between failed logins. But no one liked my suggestion.

Cheers
Christian

2008/7/10 Sergio Castro <sergio.castro@xxxxxxxxxx>:
> Sure, by logic the attack will slow down. It won't prevent continuous
> attacks though. So my suggestion is, if the service is used only by certain
> IPs, then filter all others.
>
> -----Original Message-----
> From: Fromm, Stephen (NIH/NIMH) [C] [mailto:fromms@xxxxxxxxxxxx]
> Sent: Thursday, July 10, 2008 12:51 p.m.
> To: Sergio Castro; Zembower, Kevin; secureshell@xxxxxxxxxxxxxxxxx
> Subject: RE: Deliberately create slow SSH response?
>
> Yes, but if the attacker is coming from one point and takes 30 seconds for
> each attempt, versus 0.03 seconds...
>
> Stephen J. Fromm, PhD
> Contractor, NIMH/MAP
> (301) 451-9265
>
> -----Original Message-----
> From: Sergio Castro [mailto:sergio.castro@xxxxxxxxxx]
> Sent: Wednesday, July 09, 2008 1:15 PM
> To: 'Zembower, Kevin'; secureshell@xxxxxxxxxxxxxxxxx
> Subject: RE: Deliberately create slow SSH response?
>
> The brute force attacks are most likely automated, so if your objective is
> to bore a human to death with 30 second delays, it won't work.
>
> Have you thought about limiting access to the service to only certain IPs?
>
> - Sergio
>
> -----Original Message-----
> From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
> behalf of Zembower, Kevin
> Sent: Wednesday, July 09, 2008 11:56 a.m.
> To: secureshell@xxxxxxxxxxxxxxxxx
> Subject: Deliberately create slow SSH response?
>
> This might seem like a strange question to ask, but is there a way to
> deliberately create a slow response to an SSH request? I'm annoyed at the
> large number of distributed SSH brute-force attacks on a server I
> administer, trying to guess the password for 'root' and other accounts.
> I think that my server is pretty secure; doesn't allow root to log in
> through SSH, only a restricted number of accounts are allowed SSH access,
> with I think pretty good passwords. But still, the attempts annoy me.
>
> I wouldn't mind if SSH took say 30 seconds to ask me for my password.
> This would slow the attempts. Is there any way to configure OpenSSH to do
> this? I searched the archives of this group with 'slow' and 'delay'
> but didn't come up with anything on this topic. Please point it out to me if
> I overlooked anything. In addition, I can limit the number of SSH
> connections to 3-5 and still operate okay.
>
> Ultimately, I need this solution for hosts running OpenSSH_3.9p1 under RHEL
> ES 4 and OpenSSH_4.3p2 under Debian 'etch' 4.0 and Fedora Core 6.
>
> Thanks in advance for your advice and suggestions.
>
> -Kevin
>
> Kevin Zembower
> Internet Services Group manager
> Center for Communication Programs
> Bloomberg School of Public Health
> Johns Hopkins University
> 111 Market Place, Suite 310
> Baltimore, Maryland 21202
> 410-659-6139
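
The power-of-2 delay discussed in this thread, worked through as an added example that is not part of any message above and is not OpenSSH code: it replays sshd-style log lines to get the delay each source would face, then compares the enforced wait for one source against the same guesses spread over many sources. The function names, the one-hour cap and the sample log lines are assumptions made for the illustration.

```python
import math
import re
from collections import defaultdict

# Constructed sample sshd log lines (not from the thread); the addresses are
# documentation ranges and the account names are made up.
SAMPLE_LOG = """\
Jul 10 12:00:01 host sshd[101]: Failed password for root from 192.0.2.10 port 4001 ssh2
Jul 10 12:00:02 host sshd[102]: Failed password for invalid user admin from 192.0.2.10 port 4002 ssh2
Jul 10 12:00:03 host sshd[103]: Failed password for root from 192.0.2.10 port 4003 ssh2
Jul 10 12:00:04 host sshd[104]: Failed password for root from 198.51.100.7 port 5001 ssh2
Jul 10 12:00:05 host sshd[105]: Failed password for alice from 203.0.113.5 port 6001 ssh2
Jul 10 12:00:06 host sshd[106]: Accepted password for alice from 203.0.113.5 port 6002 ssh2
"""

# Some older OpenSSH releases wrote "illegal user" instead of "invalid user".
FAILED = re.compile(r"Failed password for (?:(?:invalid|illegal) user )?\S+ from (\S+) port \d+")
ACCEPTED = re.compile(r"Accepted \S+ for \S+ from (\S+) port \d+")

def next_delays(log_text, cap=3600):
    """Replay a log and return {source: seconds to wait before its next attempt}.

    The delay doubles per consecutive failure (2, 4, 8, ...), is capped at
    `cap` (assumed value), and is cleared when that source logs in successfully.
    """
    streak = defaultdict(int)
    for line in log_text.splitlines():
        failed = FAILED.search(line)
        if failed:
            streak[failed.group(1)] += 1
        else:
            accepted = ACCEPTED.search(line)
            if accepted:
                streak.pop(accepted.group(1), None)
    return {src: min(2 ** n, cap) for src, n in streak.items()}

def cumulative_wait(failures, cap=3600):
    """Total seconds one source has been made to wait after `failures` misses."""
    return sum(min(2 ** k, cap) for k in range(1, failures + 1))

def wall_clock(guesses, sources, cap=3600):
    """Enforced delay when `guesses` are split evenly over `sources` addresses
    working in parallel: only the per-source share counts."""
    return cumulative_wait(math.ceil(guesses / sources), cap)

if __name__ == "__main__":
    print(next_delays(SAMPLE_LOG))
    print(wall_clock(1000, 1), wall_clock(1000, 200), 1000 * 30)
```

Under these assumptions, 1000 guesses from a single address accumulate about 41 days of enforced delay, while the same guesses spread over 200 addresses cost each address 62 seconds, so a per-source delay needs the address filtering suggested in the thread to matter against distributed guessing.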