LINUX.IE, website of the Irish Linux Users' Group
[ILUG] SSH dictionary attacks.

Colm MacCarthaigh colm at stdlib.net
Wed Aug 23 14:36:30 IST 2006


On Wed, Aug 23, 2006 at 02:20:55PM +0100, Aine Douglas wrote:
> I'm curious now.... the dictionary attacks I've witnessed this morning
> all came from Korea. My ISP is the same Irish ISP that the server I
> connected to is hosted on. Exactly how would the world of dictionary
> attackers, esp those in Korea packet sniff my port knocking?

That's a very twisted form of reasoning. I didn't say that they would.
The point is that measures should take account of a range of different
threats.  ssh is supposed to help protect you against packet sniffing,
port-knocking lacks any additional layer.

Personally I consider the additional complexity it introduces and the
problems that causes when debugging genuine problems make port-knocking
a net harm. It's just not worth it when much simpler methods which are
equally - or more - effective are so trivial to implement.

> >Port-knocking requires port-reachability to a series of ports, which you
> >may or may not get through some site firewall, but wouldn't it just be
> >easier to run ssh on a port other than 22?
> 
> In the absence of being able to packetsniff, my Korean friends would
> determine that one with a portscan.

If you are the victim of a genuinely targeted attack, good luck if you
think port-knocking will make a jot of difference. They could just
compromise a neighbour on the same subnet and sniff your traffic that
way, or do something else.

How do you think they found out you were running ssh in the first place?

I guess the day could come when they start scanning every port too and
doing some protocol inspection on it, but it hasn't yet.

> >Less overhead, less complex, same result.
> 
> Less secure ;-)

It's slightly more secure. Either way, the real security comes from
either using well-chosen passphrases which are not so prone to attack or
in not using passphrases at all and using a key exchange. 

None of this is about improving security. It's about getting rid of
nuisance log entries.

-- 
Colm MacCárthaigh                        Public Key: colm+pgp at stdlib.net
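
An added example, not part of the original message: a Python check of the global section of an sshd_config that separates the setting that only quiets the logs (the listening port) from the ones that decide whether password guessing can succeed at all. The function name `audit`, the sample configuration and the defaults table are assumptions made for this illustration.

```python
import re

# Upstream OpenSSH defaults when a keyword is absent (assumed here;
# distributions may ship different ones).
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Older spelling of the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample: the port is moved and one password option is off.
SAMPLE_CONFIG = """\
Port 2222
PasswordAuthentication no
# A later duplicate is ignored: sshd keeps the first value it reads.
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
"""

def audit(config_text):
    """Report whether password guessing is possible in the global section."""
    seen, ports, has_match = {}, [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            has_match = True  # per-user/host overrides follow; not evaluated
            break
        key = ALIASES.get(key, key)
        if key == "port":
            ports.append(value)  # Port may be listed more than once
        elif key in DEFAULTS:
            seen.setdefault(key, value.lower())  # first value wins
    eff = {**DEFAULTS, **seen}
    return {
        "ports": ports or ["22"],
        "password_logins_possible": "yes" in (
            eff["passwordauthentication"],
            eff["kbdinteractiveauthentication"]),
        "pubkey_enabled": eff["pubkeyauthentication"] == "yes",
        "match_blocks_present": has_match,
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

On the sample, the port has moved but password logins are still reported as possible, because keyboard-interactive authentication is left at its default and a Match block is present. On a live host, `sshd -T` prints the effective configuration to compare against.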


