El Sábado, 26 de Mayo de 2007 00:50, Wolfgang S. Rupprecht escribió: > "jdow" <jdow@xxxxxxxxxxxxx> writes: > > The common attack is a dictionary attack with several attempts a second. > > So of course, they get one shot to crack a password, usually for > > <snicker> root, which is dumb to begin with. After that first attempt > > they are blocked for the rest of their run. > > Why not just disallow unix-passwords in ssh? No passwords, no > dictionary attack. Guessing an RSA 1k passowrd by trying each should > keep them busy for quite a long time. (many, many times the lifetime > of the universe even if they can test multiple billions per second.) I agree, neither password nor using the default 22 port. Those both simply "rules" would make you be able to say goodbye to all the script-kiddies across the internet who tried to hack remote servers by using the bruteforce attacks. -- Manuel Arostegui Ramirez. Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues.
