Re: I love IP Tables....


 



  
Tom Rivers <tom@xxxxxxxxxxxxxxxxx> writes:
> The best thing I've found to protect against brute-force SSH attacks is
> something called fail2ban:

Such programs help you save the CPU time of sshd answering the
connection from a single abusive host, but would do little against a
distributed botnet attack.  Luckily botnets aren't really used against
sshd yet, but if they were you'd potentially be seeing distributed
guessing attacks from 10,000 different hosts.  If they all took turns
to guess a single password in round-robin fashion, the filters would
never trip.  I don't know if any of the attacking hosts are
cooperating, but I already see a few time-adaptive attacks, where the
attacker returns after an increasing amount of time to try to stay
under the wire.

(Right now spam pays off more, so the money is in using botnets to
send direct spam.  At some point it may pay off more to use
compromised sshd hosts, so the economics may change.)

-wolfgang
-- 
Wolfgang S. Rupprecht                http://www.wsrcc.com/wolfgang/
Hints for IPv6 on FC6 http://www.wsrcc.com/wolfgang/fedora/ipv6-tunnel.html
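
The round-robin case described in the message above, as an added example that is not part of the original post: a per-host counter and a per-account count of distinct sources, run over the same constructed sshd log. The function names, thresholds, hostnames and log lines are assumptions made for illustration, and timestamps are assumed to fall within one day.

```python
import re
from collections import defaultdict

FAILED = re.compile(r"(\d\d):(\d\d):(\d\d) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?(\S+) from (\S+) port \d+")

def parse(lines):
    """Return sorted (seconds_of_day, user, source_ip) per failed login."""
    events = []
    for m in filter(None, map(FAILED.search, lines)):
        h, mi, s, user, ip = m.groups()
        events.append((int(h) * 3600 + int(mi) * 60 + int(s), user, ip))
    return sorted(events)

# Thresholds below are illustrative assumptions, not recommended values.
def per_host_trips(events, max_retry=5, find_time=600):
    """Sources with >= max_retry failures inside find_time seconds."""
    by_ip = defaultdict(list)
    for t, _, ip in events:
        by_ip[ip].append(t)
    return {ip for ip, ts in by_ip.items()
            if any(ts[i + max_retry - 1] - ts[i] <= find_time
                   for i in range(len(ts) - max_retry + 1))}

def distributed_targets(events, min_sources=20, window=600):
    """Accounts guessed from >= min_sources distinct hosts inside window seconds."""
    by_user = defaultdict(list)
    for t, user, ip in events:
        by_user[user].append((t, ip))
    flagged = {}
    for user, hits in by_user.items():
        best = max(len({ip for t, ip in hits if t0 <= t <= t0 + window})
                   for t0, _ in hits)
        if best >= min_sources:
            flagged[user] = best
    return flagged

def sample_log():
    """Constructed log: 40 hosts take turns on root; one host bursts on admin."""
    fmt = "Jan 10 01:{:02d}:{:02d} host sshd[{}]: Failed password for {} from {} port 40000 ssh2"
    turns = [fmt.format(i // 4, i % 4 * 15, 2000 + i, "root", f"198.51.100.{i + 1}")
             for i in range(40)]   # one guess per host, 15 s apart
    burst = [fmt.format(20, i * 5, 3000 + i, "invalid user admin", "203.0.113.9")
             for i in range(6)]    # single-host burst
    return turns + burst

if __name__ == "__main__":
    ev = parse(sample_log())
    print(per_host_trips(ev), distributed_targets(ev))
```

The per-host counter flags only the single bursting source, while the distinct-source count surfaces the account that 40 hosts each guessed once.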

