PHWinfo - Afficher un message - using PubkeyAuthentication, still getting dictionary attacks!

05/10/2006, 17h04

Darren Dunham <ddunham@redwood.taos.com> writes:

>Nomen Nescio <nobody@dizum.com> wrote:
>> I used to run my ssh server on a high port no. to avoid the dictionary
>> attacks. It worked quite well but I've had to go back to good ol' port
>> 22 because I've been plugging laptop into networks with *crazy*
>> restrictions like blocking huge ranges of client ports except for
>> specific services.

>I've thought about a stupid simple web page (most sites would allow 80)
>that I could type in an IP address and enable that address for port 22.
>Even with *zero* authentication on the web page, I don't think it would
>be a problem. A bot isn't going to do that kind of work for one host.

Or you could simply have your ssh respond to port 80. Unless you actually
have a web server running on that machine, that will be fine.

>> AIUI, dictionary attacks on PubkeyAuthentication are hopeless, and I'm
>> surprised the attacking "clients" try it. Am I right? Why do they keep
>> trying?

>Stupid bots don't care.

>--
>Darren Dunham ddunham@taos.com
>Senior Technical Consultant TAOS http://www.taos.com/
>Got some Dr Pepper? San Francisco, CA bay area
> < This line left intentionally blank to confuse you. >

05/10/2006, 17h04	#5
Unruh Messages: n/a Hébergeur:	Re: using PubkeyAuthentication, still getting dictionary attacks! Darren Dunham <ddunham@redwood.taos.com> writes: >Nomen Nescio <nobody@dizum.com> wrote: >> I used to run my ssh server on a high port no. to avoid the dictionary >> attacks. It worked quite well but I've had to go back to good ol' port >> 22 because I've been plugging laptop into networks with crazy >> restrictions like blocking huge ranges of client ports except for >> specific services. >I've thought about a stupid simple web page (most sites would allow 80) >that I could type in an IP address and enable that address for port 22. >Even with zero authentication on the web page, I don't think it would >be a problem. A bot isn't going to do that kind of work for one host. Or you could simply have your ssh respond to port 80. Unless you actually have a web server running on that machine, that will be fine. >> AIUI, dictionary attacks on PubkeyAuthentication are hopeless, and I'm >> surprised the attacking "clients" try it. Am I right? Why do they keep >> trying? >Stupid bots don't care. >-- >Darren Dunham ddunham@taos.com >Senior Technical Consultant TAOS http://www.taos.com/ >Got some Dr Pepper? San Francisco, CA bay area > < This line left intentionally blank to confuse you. >