Robert G. Brown wrote:
On Fri, 20 Jun 2008, Perry E. Metzger wrote:
"Robert G. Brown" <[EMAIL PROTECTED]> writes:
On Fri, 20 Jun 2008, Chris Samuel wrote:
----- "Joe Landman" <[EMAIL PROTECTED]> wrote:
People spend lots of time and effort on security theater. Make up odd
rules for passwords. Make them hard to guess and crack. Well, is
that the vector for break-ins? Weak passwords?
Yeah - sadly.. :-(
Do you have any recent contemporary evidence for that?
Yes. Run a box with sshd on it connected to the internet and watch your
logs for a few days. You will find numerous attempts to try thousands
of possible account names and passwords -- brute force cracking.
Well, yeah, sure, I know about that as I DO watch my logs -- I just
haven't heard of one of these attacks SUCCEEDING in pretty much forever,
for obvious reasons.
Run pam_abl on your machine, and you can pretty much guarantee that the
brute force attacks will not work, even if they miraculously guess the
right password. This presumes more than some small number of previous
login failures.
[...]
Here is an extract from the log on a real machine, one of mine, from
last night:
Jun 19 20:56:53 smaug sshd[2577]: Invalid user secretariat from 70.90.14.154
Jun 19 20:56:54 smaug sshd[2522]: Invalid user secretar from 70.90.14.154
Jun 19 20:56:55 smaug sshd[23949]: Invalid user present from 70.90.14.154
Jun 19 20:56:56 smaug sshd[3440]: Invalid user test from 70.90.14.154
Jun 19 20:56:57 smaug sshd[8809]: Invalid user test from 70.90.14.154
Jun 19 20:56:58 smaug sshd[21600]: Invalid user teste from 70.90.14.154
Jun 19 20:56:59 smaug sshd[314]: Invalid user teste from 70.90.14.154
Sure, it goes on and on. I don't really LIKE seeing this, especially on
a server with sensitive information, but that is precisely why one
configures such servers with tight controls and runs a password checker.
Use pam_abl. Really. Even if the password were weak, and they guessed
it on the 57th try, pam_abl will stop the login. Read the manual.
Adjust the config settings.
Our ssh logs are scary, have been for a while. They aren't the scariest
of our logs.
Even paranoids have enemies.
--
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics LLC,
email: [EMAIL PROTECTED]
web : http://www.scalableinformatics.com
http://jackrabbit.scalableinformatics.com
phone: +1 734 786 8423
fax : +1 866 888 3112
cell : +1 734 612 4615
_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org
To change your subscription (digest mode or unsubscribe) visit
http://www.beowulf.org/mailman/listinfo/beowulf
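The thread's point is that a per-source failure counter with a lockout stops a brute-force run even when the attacker eventually guesses right, because the lockout is consulted before the password result. The following is an added example, not code from the thread or from pam_abl itself: it parses sshd failure lines of the kind quoted above, keeps a sliding-window failure count per source address, and refuses a login from a locked-out source regardless of whether the password is correct. The "Invalid user" sample lines are the ones quoted in the thread; the final "Failed password" line, the year (syslog omits it), and the threshold, window and lockout values are all assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Sample sshd log lines. The "Invalid user" lines are the ones quoted in the
# thread above; the final "Failed password" line is constructed for this example.
SAMPLE_LOG = """\
Jun 19 20:56:53 smaug sshd[2577]: Invalid user secretariat from 70.90.14.154
Jun 19 20:56:54 smaug sshd[2522]: Invalid user secretar from 70.90.14.154
Jun 19 20:56:55 smaug sshd[23949]: Invalid user present from 70.90.14.154
Jun 19 20:56:56 smaug sshd[3440]: Invalid user test from 70.90.14.154
Jun 19 20:56:57 smaug sshd[8809]: Invalid user test from 70.90.14.154
Jun 19 20:56:58 smaug sshd[21600]: Invalid user teste from 70.90.14.154
Jun 19 20:56:59 smaug sshd[314]: Invalid user teste from 70.90.14.154
Jun 19 20:57:05 smaug sshd[400]: Failed password for root from 70.90.14.154 port 40112 ssh2
"""

# Matches the two most common sshd authentication-failure messages.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?:Invalid user (?P<user1>\S+) from (?P<ip1>\S+)"
    r"|Failed password for (?:invalid user )?(?P<user2>\S+) from (?P<ip2>\S+))"
)


def parse_failure(line, year=2008):
    """Return (timestamp, user, source_ip) for a failed-login line, else None.
    Syslog timestamps carry no year, so the caller supplies one (assumed 2008 here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    user = m.group("user1") or m.group("user2")
    ip = m.group("ip1") or m.group("ip2")
    return ts, user, ip


class FailureTracker:
    """Per-source-IP sliding window of failures with a lockout, in the spirit of
    pam_abl: once a source has failed `threshold` times within `window_seconds`,
    it is locked out for `lockout_seconds`. Values are assumptions for this example."""

    def __init__(self, threshold=5, window_seconds=600, lockout_seconds=3600):
        self.threshold = threshold
        self.window = timedelta(seconds=window_seconds)
        self.lockout = timedelta(seconds=lockout_seconds)
        self.failures = defaultdict(deque)   # ip -> failure timestamps inside the window
        self.locked_until = {}               # ip -> datetime the lockout expires

    def record_failure(self, ip, when):
        """Add a failure; return True if this failure arms (or extends) a lockout."""
        q = self.failures[ip]
        q.append(when)
        while q and when - q[0] > self.window:   # drop failures older than the window
            q.popleft()
        if len(q) >= self.threshold:
            self.locked_until[ip] = when + self.lockout
            return True
        return False

    def is_locked(self, ip, when):
        until = self.locked_until.get(ip)
        return until is not None and when < until


def scan_log(log_text, tracker, year=2008):
    """Feed every parseable failure line into the tracker.
    Returns the list of (timestamp, ip) events at which a lockout was (re)armed."""
    events = []
    for line in log_text.splitlines():
        parsed = parse_failure(line, year)
        if parsed is None:
            continue
        ts, _user, ip = parsed
        if tracker.record_failure(ip, ts):
            events.append((ts, ip))
    return events


def decide_login(tracker, ip, when, password_correct):
    """Authorisation decision that consults the lockout *before* the password
    result, so a correct guess from a locked-out source is still refused."""
    if tracker.is_locked(ip, when):
        return "deny: source locked out"
    if not password_correct:
        tracker.record_failure(ip, when)
        return "deny: bad password"
    return "allow"


if __name__ == "__main__":
    t = FailureTracker(threshold=5, window_seconds=600, lockout_seconds=3600)
    for ts, ip in scan_log(SAMPLE_LOG, t):
        print(f"{ts} lockout armed for {ip}")
    # A correct password from the same source a minute later is still refused.
    print(decide_login(t, "70.90.14.154", datetime(2008, 6, 19, 20, 58), True))
```

The order of checks in `decide_login` is the whole point: the lockout test comes first, so the source that guesses correctly on its 57th attempt, as the thread puts it, is refused just like its first 56. A real deployment keys the counter on more than the source address (pam_abl can also track per user), since a distributed run spreads attempts across many sources.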