Mailinglist Archive: opensuse-security (409 mails)

Re: [suse-security] Re: Automatically blacklist IP after multiple SSH login failures
  • From: Steffen Dettmer <steffen@xxxxxxx>
  • Date: Fri, 9 Aug 2002 12:50:31 +0200
  • Message-id: <20020809125031.O3183@xxxxxxxxx>
* Peter Wiersig wrote on Fri, Aug 09, 2002 at 09:44 +0200:
> Bastian Friedrich wrote:
> > Am Donnerstag, 8. August 2002 22:01 schrieb Jeff Stewart:
> > > That's a good idea, but I want to be able to shell in from public
> > > computers. Maybe instead of blocking the IP address, I should block
> > > the username from logging in after a certain number of tries.
> >
> > This idea is even worse, as it leads to an easy DoS: If I know your box'
> > IP, I simply connect a couple of times with your login - and
> > afterwards, you're no longer able to connect.
>
> No, you don't. If you spoof the IP, you wouldn't be able to get past
> the TCP handshake.

He said, "*instead* of blocking the IP address, I should block
the username".

And for IP: I wouldn't rely on the sequence number to be safe;
finally, it's only a 32-bit value and not as strong as an RSA
key. IP is not for security, SSH keys are made for this!

I suggest putting the key on a floppy disk with a good passphrase
and disallowing password auth.

oki,

Steffen

--
This message was generated by machine,
so it bears neither signature nor seal.
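As an added example (not code from this thread or from any poster), the two lockout policies under discussion are run over a few constructed log lines in the classic sshd `auth.log` format, and a small check confirms the `PasswordAuthentication no` setting Steffen recommends; the threshold, addresses and usernames are all constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the classic OpenSSH auth.log format (not real data).
SAMPLE_LOG = """\
Aug  9 12:01:02 box sshd[3183]: Failed password for jeff from 10.0.0.5 port 40001 ssh2
Aug  9 12:01:05 box sshd[3184]: Failed password for jeff from 10.0.0.5 port 40002 ssh2
Aug  9 12:01:09 box sshd[3185]: Failed password for jeff from 10.0.0.5 port 40003 ssh2
Aug  9 12:01:12 box sshd[3186]: Failed password for jeff from 10.0.0.5 port 40004 ssh2
Aug  9 12:02:30 box sshd[3190]: Failed password for invalid user test from 10.0.0.5 port 40005 ssh2
Aug  9 12:03:01 box sshd[3192]: Accepted publickey for jeff from 192.168.1.20 port 51000 ssh2
Aug  9 12:03:44 box sshd[3193]: Failed password for root from 172.16.0.9 port 2222 ssh2
"""

FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2"
)

def failures(log_text):
    """Yield (user, ip) for every failed password attempt in the log."""
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            yield m.group("user"), m.group("ip")

def blocked_by_ip(log_text, threshold=3):
    """Source addresses reaching the failure threshold (the per-IP policy)."""
    counts = Counter(ip for _, ip in failures(log_text))
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def blocked_by_user(log_text, threshold=3):
    """Usernames reaching the failure threshold (the per-username policy).

    Returns {user: set of sources that caused the lockout}, which makes the
    denial-of-service risk visible: one remote source locks the account for
    the legitimate owner too, even when the owner's own logins succeed.
    """
    sources, counts = defaultdict(set), Counter()
    for user, ip in failures(log_text):
        counts[user] += 1
        sources[user].add(ip)
    return {u: sources[u] for u, n in counts.items() if n >= threshold}

# Matches only uncommented directives; sshd uses the first value it finds.
PASSWORD_AUTH_RE = re.compile(r"^\s*PasswordAuthentication\s+(\S+)", re.I | re.M)

def password_auth_disabled(sshd_config_text):
    """True only if sshd_config explicitly sets PasswordAuthentication no.

    OpenSSH defaults to 'yes', so a missing or commented directive means
    password logins are still allowed.
    """
    found = PASSWORD_AUTH_RE.findall(sshd_config_text)
    return bool(found) and found[0].lower() == "no"
```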
