Mailinglist Archive: opensuse (1570 mails)

Re: [opensuse] Coordinated, distributed ssh attacks?
  • From: "Carlos E. R." <robin.listas@xxxxxxxxxxxxxx>
  • Date: Sun, 4 Oct 2009 12:24:08 +0200 (CEST)
  • Message-id: <alpine.LSU.2.00.0910041213280.12109@xxxxxxxxxxxxxxxx>



On Sunday, 2009-10-04 at 01:30 +0200, Hans Witvliet wrote:

> On Sat, 2009-10-03 at 23:34 +0200, Carlos E. R. wrote:
>
>> Well, that's useful if the IPs are static, but not if the bots are on
>> dynamic addresses. Plus, six months is a lot of time, those machines could
>> have been "repaired" since.
>
> You want to block them altogether?
> Think again, if they came from a dynamic address, you'll block the next
> owner as well.

That's what I was meaning. You cannot use a static blocking list, it has to be dynamic. New addresses have to be added and old removed.

> Just block passwords altogether, it doesn't claim any resources at
> your side (in contrast to scrutinising that number of addresses), and
> you don't have to analyse your logfiles for ssh-attacks, as there won't be
> any anymore.

It is a possibility, where it is possible to use it. For example, my router has ssh, but the login user is fixed by the manufacturer and keys are impossible to add. Thus I have to disable it completely, from the outside.

Then, if I'm to connect from the outside to my PC, I may not have control of the ssh home directory to place my key there - nor might I want to do that, allowing somebody else coming later to steal my key from the file. ssh would have to take the key from a USB stick and never store it locally. For Windows, it has been said to use PuTTY on a USB stick, but then, some setups remove the USB port.

Another hassle is the first connection, because you need to store the other part of the key on the server, and for that you need to connect first, without keys. You can see how SourceForge solves (solved?) that, you have to upload the key on a webpage.

- -- Cheers,
Carlos E. R.
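
The dynamic list discussed in this message (new addresses added, old ones removed), as an added example that is not part of the original mail: it reads constructed sshd log lines, blocks an address after repeated password failures and lets the block lapse after a TTL. The class name, thresholds, TTL and sample addresses are assumptions.

```python
import re
from datetime import datetime, timedelta

# Classic syslog line written by sshd for a failed password attempt.
FAILED = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample log (documentation address ranges, not real hosts).
SAMPLE = """\
Oct  4 12:00:01 host sshd[4101]: Failed password for root from 203.0.113.7 port 40001 ssh2
Oct  4 12:00:03 host sshd[4102]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Oct  4 12:00:05 host sshd[4103]: Failed password for root from 203.0.113.7 port 40003 ssh2
Oct  4 12:01:00 host sshd[4104]: Failed password for alice from 198.51.100.9 port 40100 ssh2
Oct  4 12:02:00 host sshd[4105]: Accepted publickey for alice from 198.51.100.9 port 40101 ssh2
"""

class ExpiringBlocklist:
    """Hypothetical helper: block after `threshold` failures, forget after `ttl`."""
    def __init__(self, threshold=3, window=timedelta(minutes=10),
                 ttl=timedelta(hours=1)):
        self.threshold, self.window, self.ttl = threshold, window, ttl
        self.failures = {}  # ip -> timestamps of recent failed logins
        self.blocked = {}   # ip -> time at which the block expires

    def feed(self, line, year=2009):
        m = FAILED.match(line)
        if not m:
            return  # successful logins and unrelated lines are ignored
        stamp = " ".join(m.group(1).split())  # collapse syslog's padded day
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        recent = [t for t in self.failures.get(ip, []) if ts - t <= self.window]
        self.failures[ip] = recent + [ts]
        if len(self.failures[ip]) >= self.threshold:
            self.blocked[ip] = ts + self.ttl  # new address added

    def active(self, now):
        # Old addresses removed: a dynamic IP's next owner is not blocked forever.
        self.blocked = {ip: exp for ip, exp in self.blocked.items() if exp > now}
        return sorted(self.blocked)

def demo():
    bl = ExpiringBlocklist()
    for line in SAMPLE.splitlines():
        bl.feed(line)
    return (bl.active(datetime(2009, 10, 4, 12, 30)),
            bl.active(datetime(2009, 10, 4, 13, 30)))
```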
