Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Strengthen OpenSSH security?
From: MaddHatter <maddhatt+bugtraq () cat pdx edu>
Date: Wed, 19 Apr 2006 21:33:38 -0700

Brett Glass <brett () lariat org> said (on 2006/04/17):
To: bugtraq () securityfocus com
From: Brett Glass <brett () lariat org>
Subject: Strengthen OpenSSH security?

...
It seems to me that sshd should not tip its hand by returning
different responses ...

I agree. I also wish OpenSSH would implement the same security measures
already available in other SSH servers and authentication products --
a dynamic black list. The idea is simple, but effective: connections
from IP addresses that have failed to authenticate X times in the last
Y minutes are refused for Z minutes. For adequate values of Y and Z,
brute force attacks quickly lose feasibility.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]